VulnerableCode Package Details - pkg:composer/genix/cms@1.1.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-115p-cvgk-1fcm Aliases: CVE-2017-17431	Cross-site Scripting GeniXCMS has an XSS via the `from`, `id`, `lang`, `menuid`, `mod`, `q`, `status`, `term`, `to`, or `token` parameters.	1.1.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-115p-cvgk-1fcm
Aliases:
CVE-2017-17431

Cross-site Scripting GeniXCMS has an XSS via the `from`, `id`, `lang`, `menuid`, `mod`, `q`, `status`, `term`, `to`, or `token` parameters.

1.1.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a31b-8m5f-8uhf	Cross-site Scripting GeniXCMS in `/inc/lib/Control/Backend/menus.control.php` has an XSS via the `id` parameter.	CVE-2017-14762
VCID-d6b5-5jtr-xbg9	Code Injection Authenticated users can execute arbitrary PHP code via a `.php` file in a ZIP archive of a theme.	CVE-2017-14763
VCID-egzj-24sa-ryen	Code Injection In the Upload Modules page, remote authenticated users can execute arbitrary PHP code via a `.php` file in a ZIP archive of a module.	CVE-2017-14764
VCID-kh1w-jbky-6udy	Cross-site Scripting In GeniXCMS in `/inc/lib/backend/menus.control.php` has an XSS via the `id` parameter.	CVE-2017-14761
VCID-y3ud-dqh6-m3dm	Cross-site Scripting GeniXCMS, in `gxadmin/index.php` has an XSS via the Menu `ID` field in a `page=menus` request.	CVE-2017-14765

Vulnerability

Summary

Aliases

VCID-a31b-8m5f-8uhf

Cross-site Scripting GeniXCMS in `/inc/lib/Control/Backend/menus.control.php` has an XSS via the `id` parameter.

CVE-2017-14762

VCID-d6b5-5jtr-xbg9

Code Injection Authenticated users can execute arbitrary PHP code via a `.php` file in a ZIP archive of a theme.

CVE-2017-14763

VCID-egzj-24sa-ryen

Code Injection In the Upload Modules page, remote authenticated users can execute arbitrary PHP code via a `.php` file in a ZIP archive of a module.

CVE-2017-14764

VCID-kh1w-jbky-6udy

Cross-site Scripting In GeniXCMS in `/inc/lib/backend/menus.control.php` has an XSS via the `id` parameter.

CVE-2017-14761

VCID-y3ud-dqh6-m3dm

Cross-site Scripting GeniXCMS, in `gxadmin/index.php` has an XSS via the Menu `ID` field in a `page=menus` request.

CVE-2017-14765

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:37:22.460613+00:00	GitLab Importer	Affected by	VCID-115p-cvgk-1fcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/genix/cms/CVE-2017-17431.yml	38.6.0
2026-06-02T04:37:07.567649+00:00	GitLab Importer	Fixing	VCID-kh1w-jbky-6udy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/genix/cms/CVE-2017-14761.yml	38.6.0
2026-06-02T04:37:07.445082+00:00	GitLab Importer	Fixing	VCID-d6b5-5jtr-xbg9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/genix/cms/CVE-2017-14763.yml	38.6.0
2026-06-02T04:37:07.391939+00:00	GitLab Importer	Fixing	VCID-egzj-24sa-ryen	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/genix/cms/CVE-2017-14764.yml	38.6.0
2026-06-02T04:37:07.260703+00:00	GitLab Importer	Fixing	VCID-y3ud-dqh6-m3dm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/genix/cms/CVE-2017-14765.yml	38.6.0
2026-06-02T04:37:07.232476+00:00	GitLab Importer	Fixing	VCID-a31b-8m5f-8uhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/genix/cms/CVE-2017-14762.yml	38.6.0