Genixcms

DATE	CVE	VULNERABILITY TITLE	RISK
2017-01-17	CVE-2017-5518	Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. network metalgenix CWE-918	4.3
2017-01-17	CVE-2017-5517	SQL Injection vulnerability in Metalgenix Genixcms SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. network low complexity metalgenix CWE-89	7.5
2017-01-17	CVE-2017-5516	Cross-site Scripting vulnerability in Metalgenix Genixcms Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. network metalgenix CWE-79	4.3
2017-01-17	CVE-2017-5515	Cross-site Scripting vulnerability in Metalgenix Genixcms Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. network metalgenix CWE-79	3.5
2017-01-12	CVE-2017-5347	SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. network low complexity metalgenix CWE-89	6.5
2017-01-12	CVE-2017-5345	SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. network low complexity metalgenix CWE-89	6.5
2015-06-24	CVE-2015-5066	Cross-site Scripting vulnerability in Metalgenix Genixcms 0.0.3 Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php. network metalgenix CWE-79	4.3
2015-03-23	CVE-2015-2680	Cross-Site Request Forgery (CSRF) vulnerability in Metalgenix Genixcms 0.0.1 Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. network metalgenix CWE-352	6.8