CVE-2015-5066

Name of the Vulnerable Software and Affected Versions GeniXCMS version 0.0.3

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the content or title field in an add action in the posts page to "index.php" or the "q" parameter in the posts page to "index.php".

Recommendations For GeniXCMS version 0.0.3, consider validating and sanitizing user input for the content and title fields in the posts page, as well as the "q" parameter, to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the posts page and "index.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.