Medium severity 5.4 · NVD Advisory · Published May 3, 2017 · Updated May 13, 2026

CVE-2017-8762


Description

GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
genix/cms (Packagist) | < 1.1.1 | 1.1.1

Affected products

1

Patches

2
e75e7447455d

#71 #73 #80 #79

https://github.com/semplon/GeniXCMS · Puguh Wijayanto · Sep 11, 2017 · via ghsa
111 files changed · +156 -134
  • assets/css/install.css+1 1 modified
    @@ -4,7 +4,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.1 build date 20150221
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • composer.json+1 1 modified
    @@ -2,7 +2,7 @@
         "name": "genix/cms",
    
         "type": "project",
    
         "description": "Simple and Free Opensource CMS and Framework",
    
    -    "version": "1.1.0",
    
    +    "version": "1.1.1",
    
         "homepage": "http://genix.id",
    
         "keywords": ["genixcms", "genix", "cms", "metalgenix", "blog", "blog software", "bootstrap"],
    
         "license": "MIT",
    
    
  • forgotpassword.php+2 2 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20140928
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -28,7 +28,7 @@
     } catch (Exception $e) {
         echo $e->getMessage();
     }
    -$data = '';
    +$data = [];
     if (isset($_POST['forgotpass'])) {
         $token = Typo::cleanX($_POST['token']);
         if (!isset($_POST['token']) || !Token::validate($token)) {
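Review bot: in the context under the $data = []; change, $_POST['token'] is passed to Typo::cleanX() one line before the !isset($_POST['token']) test, so a request that omits the token raises an undefined-index notice before the guard runs. Put the isset test ahead of the read, in the form Mod::loader() already uses in this commit: $token = isset($_POST['token']) ? Typo::cleanX($_POST['token']) : '';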
    
  • .gitignore+1 0 modified
    @@ -5,3 +5,4 @@ assets/.tmb
     assets/.quarantine
     assets/media/*
     .htaccess
    +.idea
    
  • gxadmin/forgotpassword.php+2 2 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20140928
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -28,7 +28,7 @@
     } catch (Exception $e) {
         echo $e->getMessage();
     }
    -$data = '';
    +$data = [];
     
     if (isset($_POST['forgotpass'])) {
         $token = Typo::cleanX($_POST['token']);
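Review bot: this hunk is the same edit, with the same surrounding lines, as the one in forgotpassword.php at the repository root, so the password-reset handler exists in two copies that have to be patched in lockstep. A fix applied to only one copy leaves the other entry point unchanged; consider having both files include one shared handler.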
    
  • gxadmin/inc/categories.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/comments.php+1 1 modified
    @@ -7,7 +7,7 @@
      *
      * @since 1.0.0 build date 20160830
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/comments-settings.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.8 build date 20160313
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/dashboard.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/media.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/menus_form_edit.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/menus_form.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/menus.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/modules.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/multilang.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.7 build date 20150718
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/pages_form.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/pages.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/permalink.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.8 build date 20160313
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/posts_form.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/posts.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/settings.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/tags.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.8 build date 20160315
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/themes.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/user_form.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/inc/user.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/index.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20140928
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/login.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20140928
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/logout.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20141003
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • gxadmin/themes/install/step0.php+1 1 modified
    @@ -5,7 +5,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.1 build date 20150221
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • gxadmin/themes/install/step1.php+1 1 modified
    @@ -5,7 +5,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.1 build date 20150221
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • gxadmin/themes/install/step2.php+1 1 modified
    @@ -5,7 +5,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.1 build date 20150221
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • gxadmin/themes/install/step3.php+1 1 modified
    @@ -5,7 +5,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.1 build date 20150221
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • gxadmin/themes/install/step4.php+1 1 modified
    @@ -5,7 +5,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.1 build date 20150221
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • inc/lib/Categories.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140930
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Comments.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 1.0.0 build date 20160830
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Ajax/saveimage-ajax.control.php+1 1 modified
    @@ -7,7 +7,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.1 build date 20141003
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • inc/lib/Control/Ajax/tags-ajax.control.php+1 1 modified
    @@ -7,7 +7,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 0.0.8 build date 20160317
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • inc/lib/Control/Ajax/version-ajax.control.php+1 1 modified
    @@ -7,7 +7,7 @@
      * PHP Based Content Management System and Framework
      * @package GeniXCMS
      * @since 1.0.0 build date 20160804
    - * @version 1.1.0
    + * @version 1.1.1
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
      * @author Puguh Wijayanto <psw@metalgenix.com>
    
  • inc/lib/Control/Backend/categories.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/comments.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 1.0.0 build date 20160830
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/comments-settings.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20160313
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/default.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/media.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150312
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/menus.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141007
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/mods.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/modules.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150312
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/multilang.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150718
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/pages.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/permalink.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20160313
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/posts.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/settings.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/tags.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/themes.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150312
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Backend/users.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150312
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Error/400.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150219
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Error/403.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150219
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Error/404.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150219
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Error/500.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150219
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Error/noaccess.control.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20150219
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/author.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/cat.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/default.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/mod.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140805
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/page.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/post.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/rss.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150131
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/sitemap.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141007
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/tag.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141006
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Frontend/thumb.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 1.0.0 build date 20160902
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Control/Install/default.control.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150126
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Date.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.3 build date 20150126
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Db.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Files.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.2 build date 20150313
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/GxMain.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Hooks.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.6 build date 20150706
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Http.class.php+4 3 modified
    @@ -8,7 +8,7 @@
      *
      * @since 1.0.0 build date 20170118
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -227,8 +227,9 @@ public static function addAgent($agent)
         public static function varIpApi()
         {
             $ipApi = [
    -            'http://163.172.167.135:8080/json/',
    -            'http://geoipfree.com/json/'
    +            'https://geoipfree.com/json/',
    +            'https://freegeoip.net/json/',
    +            'https://freegeoip.io/json/'
             ];
     
             return $ipApi;
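Review bot: the three replacement URLs in $ipApi are still hard-coded third-party hosts, and nothing in varIpApi() documents who operates them or what should happen when one is retired. Dropping the bare http://163.172.167.135:8080 address in favour of HTTPS endpoints is the right direction, but whatever code consumes this list sends addresses to services outside the site's control, so the list belongs in a setting the administrator can review or disable, and the caller should be checked to confirm certificate verification stays enabled.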
    
  • inc/lib/Image.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150214
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Install.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150126
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Language.class.php+1 1 modified
    @@ -9,7 +9,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Mail.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150126
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Menus.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141007
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Mod.class.php+2 2 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140928
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -196,7 +196,7 @@ public static function isActive($mod)
     
         public static function loader()
         {
    -        $data = '';
    +        $data = [];
             if (User::access(0)) {
                 if (isset($_GET['page']) && $_GET['page'] == 'modules') {
                     $token = isset($_GET['token']) ? Typo::cleanX($_GET['token']): '';
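Review bot: $data at the top of loader() changes type from string to array, so any code that later echoes it or compares it with '' behaves differently, and the hunk shows no consumer being updated. Add an @return (or @var) annotation stating the array type and check the call sites in the same change.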
    
  • inc/lib/Options.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141001
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Pages.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 1.0.0 build date 20160827
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Paging.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Pinger.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150202
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Posts.class.php+2 2 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140930
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -468,7 +468,7 @@ public static function tags($id, $title = 'Tags')
         {
             $tags = self::getParam('tags', $id);
             $tags_x = explode(',', $tags);
    -        $tag = '';
    +        $tag = [];
             foreach ($tags_x as $t) {
                 $tag[] = '<a href="'.Url::tag($t)."\">{$t}</a>";
             }
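Review bot: inside the foreach, {$t} is written into the anchor text with no HTML escaping, so a tag value that contains markup is emitted as markup; that is the same bug class as the XSS this advisory describes. Unless tags are guaranteed clean when stored, output htmlspecialchars($t, ENT_QUOTES, 'UTF-8') for the link text. The $tag = []; initialiser itself is correct, because $tag[] = ... on a string is a fatal error from PHP 7.1 onward.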
    
  • inc/lib/Router.class.php+2 2 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.7 build date 20150711
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -245,7 +245,7 @@ public static function scrap($param)
                     }
                 }
             } else {
    -            $data = '';
    +            $data = [];
             }
     
             return $data;
    
  • inc/lib/Rss.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141005
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Session.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Site.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141004
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Sitemap.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141005
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link https://genix.id
    
  • inc/lib/Stats.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20150125
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/System.class.php+2 2 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -24,7 +24,7 @@ class System
          *
          * @return float
          */
    -    public static $version = '1.1.0';
    +    public static $version = '1.1.1';
     
         /**
          * GeniXCMS Version Release.
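Review bot: the docblock directly above public static $version says @return float, but this is a property holding the string '1.1.1'; it should read @var string. The same version literal is also bumped by hand in composer.json and in the file headers throughout this commit, so deriving those from one source would remove a whole class of missed edits.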
    
  • inc/lib/Tags.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.8 build date 20160317
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Theme.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Token.class.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.2 build date 20150309
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Typo.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Upload.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20141003
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Url.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140930
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/User.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Vendor.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.3 build date 20150322
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/lib/Xaptcha.class.php+1 1 modified
    @@ -8,7 +8,7 @@
      *
      * @since 0.0.4-patch build date 20150702
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • inc/themes/gneex/options.php+32 6 modified
    @@ -30,6 +30,29 @@
                 'font_color_header' => '#fff',
                 'container_width' => '1280',
                 'category_layout' => 'blog',
    +            'body_background_color' => '',
    +            'link_color' => '',
    +            'link_color_hover' => '',
    +            'background_footer' => '',
    +            'link_color_footer' => '',
    +            'sidebar_background_color_header' => '',
    +            'sidebar_font_color_header' => '',
    +            'sidebar_border_width' => '',
    +            'sidebar_border_color' => '',
    +            'sidebar_font_color_body' => '',
    +            'content_border_width' => '',
    +            'content_border_color' => '',
    +            'content_background_color_body' => '',
    +            'fullwidth_page' => '',
    +            'background_footer' => '',
    +            'link_color_footer' => '',
    +            'content_font_color_body' => '',
    +            'content_title_size' => '',
    +            'content_title_cat_size' => '',
    +            'content_title_color' => '',
    +            'content_title_color_hover' => '',
    +            'list_title_color' => '',
    +            'list_title_size' => ''
             );
         $opt = array(
                 'gneex_options' => json_encode($arr),
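Review bot: 'background_footer' and 'link_color_footer' are each added twice in this defaults array, once after 'link_color_hover' and again after 'fullwidth_page'. PHP silently keeps the last value for a duplicate key, so it is harmless while both copies are '', but drop the second pair so that a later edit to the first copy is not overridden without warning.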
    @@ -39,10 +62,11 @@
     
     if (isset($_POST['gneex_options_update'])) {
         unset($_POST['gneex_options_update']);
    -    $opt = array();
    +    $opt = [];
         foreach ($_POST as $k => $v) {
             // $opt[$k] = urlencode($v);
    -        $opt[$k] = Typo::jsonFormat($v);
    +        // $opt[$k] = Typo::jsonFormat($v);
    +        $opt[$k] = $v;
             // echo $opt[$k];
         }
     
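Review bot: `$opt[$k] = $v;` now stores every `$_POST` field verbatim, with no key allowlist and no per-value validation, because the `Typo::jsonFormat` call has been commented out rather than replaced. Restrict the loop to the known option keys from the defaults array and validate each value by type (colour, width, layout name) before saving, instead of relying on cleaning at read time. The commented-out `urlencode`, `jsonFormat` and `echo` lines should be deleted rather than kept.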
    @@ -85,18 +109,20 @@
     
     if (Gneex::checkDB()) {
         $opt = Options::get('gneex_options');
    -    // $opt = utf8_encode($opt);
    +    $opt = Typo::Xclean($opt);
         // var_dump($opt);
     
         $opt = json_decode($opt, true);
    -
    +    // print_r($opt);
         if (is_array($opt)) {
    -        $o = array();
    +        $o = [];
             foreach ($opt as $k => $v) {
                 // $o[$k] = urldecode($v);
                 $o[$k] = $v;
             }
    -    } ?>
    +    } 
    +
    +?>
         <div class="col-md-3">
             <ul class="nav nav-pills nav-stacked" id="myTabs">
                 <li role="presentation" class="active"><a href="#home"><i class="fa fa-home"></i> Home</a></li>
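Review bot: `$opt = Typo::Xclean($opt);` is applied to the serialized JSON string before `json_decode`, so any character the cleaner rewrites or strips inside that string can make the decode fail; `is_array($opt)` is then false and `$o` is never defined for the markup that follows. Decode first and clean each `$v` inside the foreach, and initialise `$o = []` ahead of the `if`. The added `// print_r($opt);` debug line should be removed.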
    
  • index.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20140925
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • login.php+2 2 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20140928
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    @@ -32,7 +32,7 @@
     }
     
     System::gZip();
    -$data = '';
    +$data = [];
     if (isset($_POST['login'])) {
         $token = Typo::cleanX($_POST['token']);
         if (!isset($_POST['token']) || !Token::validate($token)) {
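Review bot: in the context lines, `Typo::cleanX($_POST['token'])` reads the token before `!isset($_POST['token'])` is tested, so a request that omits the field raises an undefined-index notice before the check can reject it. Move the isset test ahead of the read. The `$data = []` change itself is fine, provided every later consumer of `$data` expects an array and not a string.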
    
  • logout.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20141003
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • README.md+5 11 modified
    @@ -1,7 +1,5 @@
     # GeniXCMS
    
    -> Update Notice: Please Update to version v1.1.0.
    
    -
    
    -![](https://scontent-sin6-1.xx.fbcdn.net/v/t1.0-9/16195650_667518436742758_1128161184265490528_n.png?oh=df09dadd56c1a329a177f19f591aed14&oe=59124708)
    
    +> Update Notice: Please Update to version v1.1.1.
    
     
    
     [![Build Status](https://travis-ci.org/semplon/GeniXCMS.svg?branch=master)](https://travis-ci.org/semplon/GeniXCMS)
    
     [![CircleCI](https://circleci.com/gh/semplon/GeniXCMS.svg?style=shield&circle-token=c2ef105b7d61e90dadd066ad0e25e3f53d97c6c1)](https://circleci.com/gh/semplon/GeniXCMS)
    
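Review bot: the CircleCI badge URL kept in the context lines of this hunk carries a `circle-token` query parameter in a public README. Confirm that the token is scoped to status badges only, and rotate it if it grants anything broader.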
    @@ -40,10 +38,6 @@ This CMSF is a starter point to build your own online applications. With already
     ### Recommended
    
     * MariaDB Server
    
     
    
    -### Feature Request
    
    -
    
    -[![Feature Requests](http://feathub.com/semplon/GeniXCMS?format=svg)](http://feathub.com/semplon/GeniXCMS)
    
    -
    
     ### Installation
    
     
    
     #### Manual Upload
    
    @@ -94,16 +88,16 @@ define('USE_MEMCACHED', false);
     
    
     ### Showcase
    
     Showcase URL :
    
    -- http://demo.genix.id
    
    +- [http://demo.genix.id](http://demo.genix.id)
    
     
    
     ### License
    
     **GeniXCMS** License : [**MIT License**](LICENSE)
    
     
    
     ### Website
    
    -Link : http://genix.id
    
    +Link : [http://genix.id](http://genix.id)
    
     
    
     ### Donate
    
    -![Donate Us](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)
    
    +Contact us for Donation. 
    
     
    
     ### Developer
    
    -Developed by : Puguh Wijayanto - www.metalgenix.com
    
    +Developed by : Puguh Wijayanto - [metalgenix.com](http://metalgenix.com)
    
    
  • register.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20141003
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
  • upgrade.php+1 1 modified
    @@ -6,7 +6,7 @@
      *
      * @since 0.0.1 build date 20140928
      *
    - * @version 1.1.0
    + * @version 1.1.1
      *
      * @link https://github.com/semplon/GeniXCMS
      * @link http://genix.id
    
5a128e830fa4

#71 #73 bugfix

https://github.com/semplon/GeniXCMS · Puguh Wijayanto · Sep 5, 2017 · via ghsa
3 files changed · +5 5
  • inc/lib/Menus.class.php+3 3 modified
    @@ -358,7 +358,7 @@ public static function updateMenuOrder($vars)
         {
             foreach ($vars as $k => $v) {
                 
    -            // print_r($v);
    +            $v['order'] = Typo::int($v['order']);
                 $sql = array(
                             'table' => 'menus',
                             'id' => Typo::int($k),
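Review bot: `$v['order'] = Typo::int($v['order']);` reads the key without checking that it exists, so an entry in `$vars` that lacks 'order' raises a notice and is cast from null. Guard it with isset, or skip the entry, before casting.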
    @@ -395,7 +395,7 @@ public static function update($vars)
                 $sql = array(
                             'table' => 'menus',
                             'id' => $vars['id'],
    -                        'key' => $vars['key'],
    +                        'key' => $vars['key']
                         );
                 $menu = Db::update($sql);
             }
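Review bot: `'id' => $vars['id']` is passed to `Db::update` uncast, while `updateMenuOrder` in the same class wraps its id in `Typo::int`. Apply `Typo::int($vars['id'])` here as well. The only change this hunk makes, dropping the trailing comma after `$vars['key']`, is cosmetic.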
    @@ -407,7 +407,7 @@ public static function delete($id)
             $sql = array(
                         'table' => 'menus',
                         'where' => array(
    -                                    'id' => $id,
    +                                    'id' => $id
                                     ),
                     );
             $menu = Db::delete($sql);
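Review bot: `delete($id)` puts `$id` into the where clause for `Db::delete` with no integer cast, and this hunk only removes a trailing comma. Cast it with `Typo::int($id)`, as `updateMenuOrder` does for its id.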
    
  • inc/lib/Typo.class.php+1 1 modified
    @@ -307,7 +307,7 @@ public static function filterXss($str)
     //        $str = preg_replace('#on.*=["|\'](.*)["|\']#', '', $str);
             $str = preg_replace('#(?!<pre>.*?)(onload|onerror|onblur|onchange|onscroll|oninput|
             onfocus|onbeforescriptexecute|ontoggle|onratechange|onreadystatechange|onpropertychange|
    -        onqt_error|onpageshow|onclick|onmouseover|onunload|event|formaction|actiontype|background)=("|\')(.*)("|\')(?!.*?</pre>)#', '', $str);
    +        onqt_error|onpageshow|onclick|onmouseover|onunload|event|formaction|actiontype|background|oncut)=("|\')(.*)("|\')(?!.*?</pre>)#', '', $str);
             $str = preg_replace('#(.*?)(javascript:.*)(.*?)#', '', $str);
             //$str = preg_replace('#&lt;(.*?)script&gt;#', '', $str);
             return $str;
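Review bot: appending `oncut` to the alternation closes the one reported attribute but keeps `filterXss` a denylist, so any event-handler attribute that is not enumerated still passes through. Match handler attributes generically (the commented-out `on.*=` line at the top of the hunk was heading that way, though it needs a tighter pattern), or better, sanitise against an allowlist of tags and attributes. The pattern is also a single-quoted string broken across source lines without the `x` modifier, so the line break and indentation become part of the alternatives that begin a line (`onfocus`, `onqt_error`), and it has no `i` modifier; both should be fixed in the same change.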
    
  • README.md+1 1 modified
    @@ -81,7 +81,7 @@ https://docs.genix.id/user-guide/installation/
     
    
     - Upload all files, except `inc/config/config.php`.
    
     - edit your site's config.php, 
    
    -- add this new configuration 
    
    +- add this new configuration if not exist
    
     ```php
    
     define('SITE_ID', 'type-random-chars');
    
     define('ADMIN_DIR', 'gxadmin');
    
    
