Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IntelliantsSubrion*

7 matches found

CVE
CVEadded 2022/04/29 2:15 p.m.84 views

CVE-2021-41948

A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS

5.4CVSS5.3AI score0.00181EPSS
CVE
CVEadded 2019/07/03 4:15 p.m.80 views

CVE-2018-11317

Subrion CMS before 4.1.4 has XSS.

6.1CVSS6.2AI score0.0024EPSS
CVE
CVEadded 2020/03/17 3:15 p.m.55 views

CVE-2018-21037

Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.

8.8CVSS8.8AI score0.00177EPSS
CVE
CVEadded 2021/04/09 6:15 p.m.54 views

CVE-2020-23761

Cross Site Scripting (XSS) vulnerability in subrion CMS Version

6.1CVSS6AI score0.00402EPSS
CVE
CVEadded 2017/10/06 7:29 a.m.39 views

CVE-2017-15063

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.

8.8CVSS8.8AI score0.00133EPSS
CVE
CVEadded 2020/04/29 9:15 p.m.35 views

CVE-2020-12469

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.

6.5CVSS6.5AI score0.00225EPSS
CVE
CVEadded 2014/12/10 3:59 p.m.32 views

CVE-2014-9120

Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.

4.3CVSS5.8AI score0.0033EPSS