{"id":"GHSA-478j-mcrr-3877","summary":"GeniXCMS Cross-site scripting (XSS) vulnerability","details":"Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.","aliases":["CVE-2017-14740"],"modified":"2024-04-25T21:57:34.707173Z","published":"2022-05-14T03:21:09Z","database_specific":{"github_reviewed_at":"2024-04-25T21:32:16Z","cwe_ids":["CWE-79"],"github_reviewed":true,"severity":"MODERATE","nvd_published_at":"2018-04-26T14:29:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14740"},{"type":"PACKAGE","url":"https://github.com/GeniXCMS/GeniXCMS"},{"type":"WEB","url":"https://github.com/faizzaidi/GeniXCMS-Version-1.1.0-Cross-Site-Scripting-XSS"}],"affected":[{"package":{"name":"genix/cms","ecosystem":"Packagist","purl":"pkg:composer/genix/cms"},"versions":["1.1.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-478j-mcrr-3877/GHSA-478j-mcrr-3877.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}