CVE-2015-2678
Published 2015-03-23
Priority P4 23 | medium 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.40% (91.7th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| genixcms | genixcms | <= 0.0.1 | — |
No detection rules found.
No writeups or analysis indexed.
http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17
http://osvdb.org/show/osvdb/119394
http://packetstormsecurity.com/files/130771/GeniXCMS-0.0.1-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/36321
http://www.securityfocus.com/bid/73301
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5233.php
https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
https://github.com/semplon/GeniXCMS/issues/7
Published: 2015-03-23