Vulnerabilities > Metalgenix > Genixcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-03 | CVE-2022-24563 | Cross-site Scripting vulnerability in Metalgenix Genixcms 1.1.11 In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. | 5.4 |
| 2019-12-31 | CVE-2018-14476 | Cross-site Scripting vulnerability in Metalgenix Genixcms 1.1.5 GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | 6.1 |
| 2017-01-17 | CVE-2017-5516 | Cross-site Scripting vulnerability in Metalgenix Genixcms Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | 6.1 |
| 2017-01-17 | CVE-2017-5515 | Cross-site Scripting vulnerability in Metalgenix Genixcms Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | 5.4 |