
CVE-2017-14762: GeniXCMS Cross-site Scripting (XSS) via id parameter

CVSS Score (v3.0): 6.1

Basic Information

EPSS Score: 0.47285%
Published: 5/17/2022
Updated: 4/25/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: genix/cms
Ecosystem: composer
Vulnerable Versions: = 1.1.4
First Patched Version: none listed

Vulnerability Intelligence

Miggo AI Root Cause Analysis

  1. The vulnerability is explicitly tied to the 'id' parameter of menus.control.php.
  2. Backend controllers typically handle parameter processing and view rendering.
  3. XSS requires user input to reach the HTML output without sanitization or encoding; the most likely scenario is a controller method reading $_GET['id'] and embedding it directly in the rendered HTML.
  4. The file path suggests this is part of the menu management backend, where ID parameters are commonly used to select the record for CRUD operations.
  5. While exact function names aren't provided, the pattern matches common MVC controller methods, such as edit(), that render a record modification interface.
  6. The CVSS vector (PR:N, UI:R, S:C) is consistent with a reflected XSS: the payload is delivered in a crafted link and executes in the browser of whoever opens it.
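The pattern the analysis describes, shown as an added example that is not code from GeniXCMS or from Miggo. The controller method names, the form markup, the 400 response and the probe input are assumptions made for illustration; the vulnerable function reproduces the hypothesized defect (query parameter concatenated into HTML unescaped) and the hardened one shows the two controls a reviewer would expect, type validation of the id and output encoding.

```php
<?php
// Added illustration, not GeniXCMS code: the vulnerable pattern the root-cause
// analysis hypothesizes (a backend controller echoing $_GET['id'] into HTML
// unescaped) beside a hardened version. Function names, the form markup and
// the probe input are all constructed for this example.

declare(strict_types=1);

// Hypothetical vulnerable controller method: the id from the query string is
// concatenated straight into an attribute value, so a double quote in it
// closes the attribute and the rest of the payload is parsed as markup.
function renderMenuEditVulnerable(array $query): string
{
    $id = $query['id'] ?? '';
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Hardened version. Two independent controls:
//  1. Validate the type: a menu id is a database key, so anything other than
//     a positive integer is rejected before it reaches the view.
//  2. Encode on output regardless, with ENT_QUOTES so both quote styles are
//     escaped and the value is safe in any attribute context.
function renderMenuEditHardened(array $query): string
{
    $id = filter_var(
        $query['id'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400); // assumed error handling; no effect under the CLI
        return '<p>Invalid menu id.</p>';
    }
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $safe . '">';
}

// Output encoding alone, for a parameter that legitimately has to carry free
// text and cannot be reduced to an integer.
function encodeForHtmlAttribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed probe of the kind sent to ?id= to test for reflection: it closes
// the attribute and the tag, then injects a script element.
$probe = ['id' => '1"><script>alert(1)</script>'];

echo "vulnerable: " . renderMenuEditVulnerable($probe) . PHP_EOL;
echo "hardened:   " . renderMenuEditHardened($probe) . PHP_EOL;
echo "encoded:    " . encodeForHtmlAttribute($probe['id']) . PHP_EOL;
```

Run it with `php example.php` and compare the three lines: the vulnerable output contains a live `<script>` element, the hardened path rejects the value before rendering, and the encoded variant keeps the payload inside the attribute as inert text. Validation fails closed (anything `filter_var` cannot parse as an integer in range is a 400), and the output encoding is kept even on the validated path so that a later change to accept non-numeric ids does not silently reopen the hole.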


WAF Protection Rules

WAF Rule

In GeniXCMS 1.1.4, `/inc/lib/control/backend/menus.control.php` has XSS via the id parameter.
