{"api_version":"1","generated_at":"2026-04-23T11:33:53+00:00","cve":"CVE-2015-5066","urls":{"html":"https://cve.report/CVE-2015-5066","api":"https://cve.report/api/cve/CVE-2015-5066.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-5066","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-5066"},"summary":{"title":"CVE-2015-5066","description":"Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2015-06-24 14:59:00","updated_at":"2018-10-09 19:57:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/archive/1/535806/100/0/threaded","name":"20150622 GeniXCMS XSS Vulnerabilities","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html","name":"http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html","refsource":"MISC","tags":["Exploit"],"title":"GeniXCMS 0.0.3 Cross Site Scripting ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt","name":"http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/75398","name":"75398","refsource":"BID","tags":[],"title":"GeniXCMS 'index.php' HTML Injection and Cross Site Scripting vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/37360/","name":"37360","refsource":"EXPLOIT-DB","tags":[],"title":"GeniXCMS 0.0.3 - Cross-Site Scripting - PHP webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4","name":"https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4","refsource":"CONFIRM","tags":[],"title":"Release GeniXCMS v0.0.4 · semplon/GeniXCMS · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-5066","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5066","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"5066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"metalgenix","cpe5":"genixcms","cpe6":"0.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5066","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"metalgenix","cpe5":"genixcms","cpe6":"0.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-5066","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20150622 GeniXCMS XSS Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/535806/100/0/threaded"},{"name":"http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt","refsource":"MISC","url":"http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt"},{"name":"http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html"},{"name":"https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4","refsource":"CONFIRM","url":"https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4"},{"name":"37360","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/37360/"},{"name":"75398","refsource":"BID","url":"http://www.securityfocus.com/bid/75398"}]}},"nvd":{"publishedDate":"2015-06-24 14:59:00","lastModifiedDate":"2018-10-09 19:57:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:metalgenix:genixcms:0.0.3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"5066","Ordinal":"82045","Title":"CVE-2015-5066","CVE":"CVE-2015-5066","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"5066","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"5066","Ordinal":"2","NoteData":"2015-06-24","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"5066","Ordinal":"3","NoteData":"2018-10-09","Type":"Other","Title":"Modified"}]}}}