Lucene search
K

19 matches found

NVD
NVD
added 2026/06/15 2:16 a.m.9 views

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/03 12:30 a.m.7 views

Cross-site Scripting (XSS)

Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the installation process when user-supplied input is injected into the dbuser, dbpwd, or dbname parameters. An attacker can execute...

6.1CVSS5.5AI score0.00254EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/02 12:0 a.m.3 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

5.5AI score0.00254EPSS
Exploits1References1
CVE
CVE
added 2025/09/11 12:0 a.m.25 views

CVE-2025-56556

Subrion CMS 4.2.1 is affected. The issue arises from the Run SQL Query tool in the SQL Tool admin panel, where authenticated administrators or moderators can gain escalated privileges due to insufficient privilege checks in the SQL query context. The vulnerability affects the Run SQL Query functi...

3.8CVSS7.2AI score0.00187EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:21 a.m.6 views

CVE-2024-25400

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not...

9.8CVSS8.2AI score0.00654EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:8 a.m.3 views

CVE-2018-11317

Subrion CMS before 4.1.4 has XSS...

6.1CVSS7AI score0.00905EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.4 views

Subrion CMS Cross-Site Scripting Vulnerability

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion CMS version v4.2.1, which originates from a cross-site scriptin...

5.4CVSS5.8AI score0.00495EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/29 12:0 a.m.6 views

PT-2022-23774 · Unknown · Subrion Cms

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: The issue allows an attacker to inject arbitrary code via the Login Field in the Admin Panel, potentially leading to Cross Site Scripting XSS attacks. No information is provided about the estimated numbe...

4.8CVSS5.2AI score0.00479EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.4 views

Subrion CMS 跨站脚本漏洞

Subrion CMS is a PHP-based content management system CMS from the Subrion team. A cross-site scripting vulnerability exists in Subrion CMS version 4.2.1 and earlier, which stems from a lack of data validation of user-supplied data and output in the "Contact Us" plugin of the "Topic List". data an...

5.4CVSS5.6AI score0.00466EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.7 views

Subrion CMS 跨站脚本漏洞

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports multiple extension plugins, etc. A security vulnerability exists in Subrion CMS 4.2.1, which can be exploited by attackers via the q parameter in the Kickstart...

6.1CVSS5.5AI score0.02681EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/08/06 12:0 a.m.3 views

Subrion CMS跨站脚本漏洞

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion version 4.2.1, which can be triggered by an attacker via a heade...

6.1CVSS5.9AI score0.00641EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/04/09 12:0 a.m.6 views

Subrion CMS 跨站脚本漏洞

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion CMS 4.2.1 and earlier versions. The vulnerability can be...

6.1CVSS5.6AI score0.01009EPSS
Exploits1References3
CNVD
CNVD
added 2020/11/11 12:0 a.m.2 views

Subrion Cross-Site Request Forgery Vulnerability

Subrion is a powerful and easy-to-use PHP content management system CMS with full source editing, per-page permissions, user activity monitoring and other powerful features. A cross-site request forgery vulnerability exists in panel/modules/plugins/ in Subrion 4.2.1. An attacker can exploit this...

8.8CVSS6.9AI score0.0136EPSS
Exploits1References1
CNVD
CNVD
added 2020/05/18 12:0 a.m.3 views

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2020-32356)

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in the /panel/configuration/general settings page in Subrion CMS version...

6.1CVSS6.4AI score0.00949EPSS
Exploits2References1
CNVD
CNVD
added 2019/10/08 12:0 a.m.2 views

Subrion cross-site scripting vulnerability (CNVD-2019-44570)

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion version 4.2.1, which can be exploited by an attacker to execute...

5.4CVSS6.4AI score0.01938EPSS
Exploits5References1
CNVD
CNVD
added 2018/11/22 12:0 a.m.3 views

Subrion CMS Arbitrary PHP Code Execution Vulnerability

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A security vulnerability exists in /panel/uploads in Subrion CMS version 4.2.1, which stems from the failu...

7.2CVSS7.7AI score0.64261EPSS
Exploits10References1
Positive Technologies
Positive Technologies
added 2018/11/21 12:0 a.m.5 views

PT-2018-14956 · Subrion · Subrion Cms

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a .pht or .phar file. This is because the .htaccess file omits these file types, specifically affecting the /panel/uploads endpoint...

7.2CVSS7.5AI score0.64261EPSS
Exploits10References13
CNVD
CNVD
added 2017/07/20 12:0 a.m.3 views

Subrion CMS SQL Injection Vulnerability (CNVD-2017-18105)

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A SQL injection vulnerability exists in the /front/search.php file in Subrion CMS versions prior to...

9.8CVSS8.6AI score0.13098EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/03 12:0 a.m.3 views

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2017-18106)

Subrion CMS is a powerful and easy-to-use PHP content management system with full source editing, per-page permissions, user activity monitoring and other powerful features. Subrion CMS suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject arbitrary...

6.1CVSS6AI score0.01133EPSS
Exploits1References1
Rows per page
Query Builder