CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

696 matches found

Subrion CMS <4.1.5.10 - SQL Injection

Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $GET array. id: CVE-2017-11444 info: name: Subrion CMS 4.1.5.10 - SQL Injection author: dwisiswant0 severity: critical description: "Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in...

9.8CVSS7.4AI score0.13098EPSS

Exploits1References5

NVD•added 2026/06/15 2:16 a.m.•9 views

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS

Exploits0References6

EUVD•added 2026/06/15 12:45 a.m.•8 views

EUVD-2026-36677

4.8CVSS3.3AI score0.00214EPSS

Exploits0References5

Vulnrichment•added 2026/06/15 12:45 a.m.•7 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

4.8CVSS3.7AI score0.00214EPSS

Exploits0References6

CVE•added 2026/06/15 12:45 a.m.•12 views

CVE-2026-12202

Intelliants Subrion CMS (up to 4.0.3) is affected via the Blocks Endpoint, where manipulating the CSS class name can trigger cross-site scripting. The issue is exploitable remotely and a public exploit exists. Vendor did not respond to disclosure. Based on linked CVSS data, the impact is limited ...

4.8CVSS3.3AI score0.00214EPSS

Exploits0References6

Cvelist•added 2026/06/15 12:45 a.m.•31 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

4.8CVSS0.00214EPSS

Exploits0References6

Positive Technologies•added 2026/06/15 12:0 a.m.•11 views

PT-2026-49163

4.8CVSS3.7AI score0.00214EPSS

Exploits0References6

RedhatCVE•added 2026/02/03 3:11 a.m.•8 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.5AI score0.00254EPSS

Exploits1References1

Snyk•added 2026/02/03 12:30 a.m.•7 views

Cross-site Scripting (XSS)

Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the installation process when user-supplied input is injected into the dbuser, dbpwd, or dbname parameters. An attacker can execute...

6.1CVSS5.5AI score0.00254EPSS

Exploits1References2

Github Security Blog•added 2026/02/03 12:30 a.m.•7 views

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.8AI score0.00254EPSS

Exploits1References3Affected Software1

OSV•added 2026/02/03 12:30 a.m.•2 views

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

6.1CVSS5.8AI score0.00254EPSS

Exploits1References3

NVD•added 2026/02/02 11:16 p.m.•10 views

CVE-2025-70958

6.1CVSS0.00254EPSS

Exploits1References1

OSV•added 2026/02/02 11:16 p.m.•6 views

CVE-2025-70958

6.1CVSS5.5AI score

Exploits0References1

ATTACKERKB•added 2026/02/02 12:0 a.m.•3 views

CVE-2025-70958

5.5AI score0.00254EPSS

Exploits1References2

CVE•added 2026/02/02 12:0 a.m.•12 views

CVE-2025-70958

Subrion CMS v4.2.1 installation module is affected by multiple reflected XSS vulnerabilities. The issue allows an attacker to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into the dbuser, dbpwd, or dbname parameters during installation. The CVE de...

6.1CVSS5.5AI score0.00254EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/02/02 12:0 a.m.•24 views

CVE-2025-70958

0.00254EPSS

Exploits1References1

Positive Technologies•added 2026/02/02 12:0 a.m.•8 views

PT-2026-5704

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1 Description The installation module of Subrion CMS contains reflected cross-site scripting XSS flaws. These flaws allow attackers to execute arbitrary Javascript in the context of a user's browser. Exploitation occurs...

6.1CVSS5.4AI score0.00254EPSS

Exploits1References8

Vulnrichment•added 2026/02/02 12:0 a.m.•3 views

CVE-2025-70958

5.5AI score0.00254EPSS

Exploits1References1

CNNVD•added 2026/02/02 12:0 a.m.•7 views

Subrion CMS 安全漏洞

Subrion CMS is a content management system CMS developed by the Subrion team, based on PHP. This system can be integrated into websites and supports various extension plugins. Version 4.2.1 of Subrion CMS has a security vulnerability, which stems from insufficient input validation for the dbuser,...

6.1CVSS5.6AI score0.00254EPSS

Exploits1References1

Packet Storm News•added 2026/02/02 12:0 a.m.•3 views

Subrion CMS 3.2.2 Cross Site Scripting

A cross site scripting vulnerability exists in Subrion CMS version 3.2.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.0099EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by