GeniXCMS v0.0.1 Persistent Script Insertion Vulnerability Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework (CMSF). It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Desc: Input passed to the 'cat' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: nginx/1.4.6 (Ubuntu) Apache 2.4.10 (Win32) PHP 5.6.3 MySQL 5.6.21 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5233 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5233.php 05.03.2015 --- Stored: -------
Reflected: ---------- http://localhost/genixcms/index.php?page=1'