
Superfish9

#17641 of 53,624
15.2 Total CVSS
Vulnerabilities · 2 (Medium: 1, Critical: 1)

PT-2017-18511 · CVSS 5.4 · 2017-05-03
Genixcms · Genixcms · CVE-2017-8762

**Name of the Vulnerable Software and Affected Versions**
GeniXCMS version 1.0.2

**Description**
The issue is triggered by an authenticated user submitting a page, which leads to a cross-site scripting (XSS) attack. This can be demonstrated by a crafted `oncut` attribute in a `B` element.

**Recommendations**
For GeniXCMS version 1.0.2, consider disabling the submission of pages by authenticated users until a patch is available, or restrict the use of the `oncut` attribute in `B` elements to minimize the risk of exploitation.

PT-2017-16586 · CVSS 9.8 · 2017-01-23
Genixcms · Genixcms · CVE-2017-5575

**Name of the Vulnerable Software and Affected Versions**
GeniXCMS versions prior to 1.0.0

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `modules` parameter in the `inc/lib/Options.class.php` file.

**Recommendations**
For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue.