CVE-2022-24563: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

March 4, 2022 (updated March 11, 2022)

In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.

References

genix.me/
github.com/advisories/GHSA-5mwx-f6w6-7w5r
github.com/truonghuuphuc/CVE
github.com/truonghuuphuc/CVE/blob/main/CVE-2022-24563.pdf
nvd.nist.gov/vuln/detail/CVE-2022-24563

Code Behaviors & Features

Detect and mitigate CVE-2022-24563 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →