Subrion Cms Security Vulnerabilities and Issues — Subrion Cms CVE List

Lucene search

IntelliantsSubrion Cms

10 matches found

CVE•added 2024/02/27 4:15 p.m.•6309 views

CVE-2024-25399

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.

6.1CVSS5.9AI score0.00236EPSS

CVE•added 2020/12/26 4:15 a.m.•96 views

CVE-2020-35437

Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.

6.1CVSS5.9AI score0.00311EPSS

CVE•added 2022/11/09 4:15 p.m.•71 views

CVE-2022-43121

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

6.1CVSS5.8AI score0.00573EPSS

CVE•added 2022/11/09 4:15 p.m.•69 views

CVE-2022-43120

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

6.1CVSS5.8AI score0.00533EPSS

CVE•added 2022/03/04 3:15 p.m.•63 views

CVE-2020-18324

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.

6.1CVSS5.9AI score0.06672EPSS

CVE•added 2022/03/04 3:15 p.m.•63 views

CVE-2020-18325

Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.

6.1CVSS5.9AI score0.01623EPSS

CVE•added 2019/05/08 6:29 p.m.•57 views

CVE-2019-11406

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2012/10/22 11:55 p.m.•41 views

CVE-2012-4773

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/...

6.8CVSS7.2AI score0.06505EPSS

CVE•added 2023/10/19 10:15 p.m.•40 views

CVE-2023-43875

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.

6.1CVSS6AI score0.026EPSS

CVE•added 2015/07/05 10:59 a.m.•29 views

CVE-2015-4129

SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.

6.5CVSS8.2AI score0.0087EPSS