Subrion Cms@4.2.1 Security Vulnerabilities and Issues — Subrion Cms@4.2.1 CVE List

Lucene search

IntelliantsSubrion Cms4.2.1

3 matches found

CVE•added 2018/11/21 9:29 p.m.•137 views

CVE-2018-19422

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

7.2CVSS7.3AI score0.81165EPSS

CVE•added 2018/12/04 4:29 p.m.•50 views

CVE-2018-16629

panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.

4.8CVSS4.7AI score0.00321EPSS

CVE•added 2018/12/04 4:29 p.m.•47 views

CVE-2018-16631

Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.

5.4CVSS5.2AI score0.00206EPSS