8 matches found
CVE-2023-43830
A cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...
CVE-2023-43884
A cross-site scripting (XSS) vulnerability in the Reference ID field of the Transactions panel of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Reference ID' parameter...
EUVD-2018-6719
Malware in sbrugna...
EUVD-2023-2853
Malicious code in bioql PyPI...
CVE-2023-43828
A cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter...
CVE-2019-17225
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue...
Cross Site Scripting (XSS)
intelliants/subrion is vulnerable to cross-site scripting. An attacker is able to inject and execute a malicious script by adding a blog and then editing an image file...
Arbitrary File Upload
intelliants/subrion is vulnerable to arbitrary file upload. The application doesn't restrict the type of files which can be uploaded as a profile image. These files may be executed when the profile is rendered...