CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Github Security Blog•added 2026/02/03 12:30 a.m.•6 views

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.8AI score0.00254EPSS

Exploits1References3Affected Software1

OSV•added 2026/02/03 12:30 a.m.•2 views

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

6.1CVSS5.8AI score0.00254EPSS

Exploits1References3

Snyk•added 2026/02/03 12:30 a.m.•7 views

Cross-site Scripting (XSS)

Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the installation process when user-supplied input is injected into the dbuser, dbpwd, or dbname parameters. An attacker can execute...

6.1CVSS5.5AI score0.00254EPSS

Exploits1References2

NVD•added 2026/02/02 11:16 p.m.•8 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS0.00254EPSS

Exploits1References1

OSV•added 2026/02/02 11:16 p.m.•5 views

CVE-2025-70958

6.1CVSS5.5AI score

Exploits0References1

Cvelist•added 2026/02/02 12:0 a.m.•23 views

CVE-2025-70958

0.00254EPSS

Exploits1References1

CVE•added 2026/02/02 12:0 a.m.•12 views

CVE-2025-70958

Subrion CMS v4.2.1 installation module is affected by multiple reflected XSS vulnerabilities. The issue allows an attacker to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into the dbuser, dbpwd, or dbname parameters during installation. The CVE de...

6.1CVSS5.5AI score0.00254EPSS

Exploits1References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2016-10278

Malware in sbrugna...

5.4CVSS5.5AI score0.01638EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2012-1288

Malware in sbrugna...

4.3CVSS6.1AI score0.01924EPSS

Exploits2References16

RedhatCVE•added 2025/05/22 8:10 a.m.•6 views

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4.3CVSS7AI score0.00554EPSS

Exploits0References1

OSV•added 2023/10/20 12:30 a.m.•14 views

GHSA-646R-8FCC-P82R Subrion CMS vulnerable to Cross-site Scripting

Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...

6.1CVSS6AI score0.00764EPSS

Exploits1References4

Prion•added 2019/12/31 4:15 p.m.•14 views

Design/Logic Flaw

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

4.3CVSS6AI score0.00874EPSS

Exploits2References2Affected Software1

CVE•added 2019/12/31 3:18 p.m.•43 views

CVE-2018-14476

CVE-2018-14476 affects GeniXCMS 1.1.5 and is a cross-site scripting vulnerability exploitable via the installation step 1 parameters. The root cause is reflected in the documentation as XSS through the dbuser or dbhost fields submitted during step 1 of installation, allowing arbitrary web script ...

6.1CVSS6AI score0.00874EPSS

Exploits2References2Affected Software1

Cvelist•added 2019/12/31 3:18 p.m.•19 views

CVE-2018-14476

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

6.1AI score0.00874EPSS

Exploits2References2

OSV•added 2019/08/01 5:15 p.m.•2 views

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4.3CVSS5.8AI score

Exploits0References1

NVD•added 2019/08/01 5:15 p.m.•17 views

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4.3CVSS4.7AI score0.00554EPSS

Exploits0References1

Prion•added 2019/08/01 5:15 p.m.•12 views

Design/Logic Flaw

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4CVSS4.8AI score0.00554EPSS

Exploits0References1Affected Software1

Cvelist•added 2019/08/01 4:6 p.m.•19 views

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4.7AI score0.00554EPSS

Exploits0References1

CVE•added 2019/08/01 4:6 p.m.•42 views

CVE-2018-20937

CVE-2018-20937 affects cPanel before 68.0.27, where database and dbuser names are not validated during rename operations (SEC-321). Multiple connected records (RH, CNVD, NVD, CVE lists) corroborate the same description. The vulnerability stems from insufficient validation in the rename process, p...

4.3CVSS4.7AI score0.00554EPSS

Exploits0References1Affected Software1

CNVD•added 2017/03/30 12:0 a.m.•1 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-05629)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. Revive Adserver has a cross-site scripting vulnerability. Attackers can use the dbHost or dbUser parameter to...

5.4CVSS5.5AI score0.01638EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by