Subrion CMS <4.1.5.10 - SQL Injection

Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $GET array. id: CVE-2017-11444 info: name: Subrion CMS 4.1.5.10 - SQL Injection author: dwisiswant0 severity: critical description: "Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

Cross-site Scripting (XSS)

Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the installation process when user-supplied input is injected into the dbuser, dbpwd, or dbname parameters. An attacker can execute...

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

PT-2026-5704

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1 Description The installation module of Subrion CMS contains reflected cross-site scripting XSS flaws. These flaws allow attackers to execute arbitrary Javascript in the context of a user's browser. Exploitation occurs...

Subrion CMS 3.2.2 Cross Site Scripting

A cross site scripting vulnerability exists in Subrion CMS version 3.2.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

Subrion CMS 安全漏洞

Subrion CMS is a content management system CMS developed by the Subrion team, based on PHP. This system can be integrated into websites and supports various extension plugins. Version 4.2.1 of Subrion CMS has a security vulnerability, which stems from insufficient input validation for the dbuser,...

CVE-2025-70958

Subrion CMS v4.2.1 installation module is affected by multiple reflected XSS vulnerabilities. The issue allows an attacker to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into the dbuser, dbpwd, or dbname parameters during installation. The CVE de...

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVE-2023-43875

Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...

CVE-2023-43884

A Cross-site scripting XSS vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter...

CVE-2021-41502

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting XSS vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute...

CVE-2022-37059

Cross Site Scripting XSS in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field...

CVE-2017-18366

Subrion CMS 4.1.5 has CSRF in blog/delete/...