CVE-2017-17431: GeniXCMS 1.1.5: Malicious Code Injection Through Form Fields
GHSA-pwr7-j6g3-hmx6
CVE-2017-17431
Summary
An attacker can inject malicious script code into certain fields in GeniXCMS 1.1.5 (cross-site scripting, CWE-79), potentially allowing them to take control of the website or steal user data. Affected users should update to a fixed version of GeniXCMS to prevent exploitation. Patches for known vulnerabilities may also be available to apply to this version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| composer | genix | cms | <= 1.1.5 |
| – | genixcms | genixcms | 1.1.5 (`cpe:2.3:a:genixcms:genixcms:1.1.5:*:*:*:*:*:*:*`) |
Original title
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
Original description
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
GHSA CVSS 3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 5 Dec 2017 · Updated: 15 Jun 2026 · First seen: 6 Mar 2026