Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Intelliants Subscribe
Total 56 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43121 1 Intelliants 1 Subrion Cms 2022-11-09 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
CVE-2022-43120 1 Intelliants 1 Subrion Cms 2022-11-09 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
CVE-2022-37059 1 Intelliants 1 Subrion Cms 2022-08-31 N/A 4.8 MEDIUM
Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field
CVE-2020-35437 1 Intelliants 1 Subrion Cms 2022-07-17 4.3 MEDIUM 6.1 MEDIUM
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
CVE-2021-41502 1 Intelliants 1 Subrion Cms 2022-06-17 3.5 LOW 5.4 MEDIUM
An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.
CVE-2021-41948 1 Intelliants 1 Subrion 2022-05-10 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
CVE-2021-43464 1 Intelliants 1 Subrion Cms 2022-04-12 6.5 MEDIUM 8.8 HIGH
A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().
CVE-2020-18326 1 Intelliants 1 Subrion Cms 2022-03-11 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
CVE-2020-18325 1 Intelliants 1 Subrion Cms 2022-03-11 4.3 MEDIUM 6.1 MEDIUM
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
CVE-2020-18324 1 Intelliants 1 Subrion Cms 2022-03-11 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
CVE-2021-43724 1 Intelliants 1 Subrion Cms 2022-03-02 3.5 LOW 4.8 MEDIUM
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.
CVE-2021-41947 1 Intelliants 1 Subrion Cms 2021-11-30 6.5 MEDIUM 7.2 HIGH
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
CVE-2020-22330 1 Intelliants 1 Subrion 2021-08-12 4.3 MEDIUM 6.1 MEDIUM
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
CVE-2020-22392 1 Intelliants 1 Subrion Cms 2021-08-11 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
CVE-2020-18155 1 Intelliants 1 Subrion 2021-07-29 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
CVE-2018-19422 1 Intelliants 1 Subrion Cms 2021-05-26 6.5 MEDIUM 7.2 HIGH
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
CVE-2020-23761 1 Intelliants 1 Subrion 2021-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
CVE-2019-7357 1 Intelliants 1 Subrion Cms 2020-11-24 6.8 MEDIUM 8.8 HIGH
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
CVE-2019-7356 1 Intelliants 1 Subrion 2020-11-10 3.5 LOW 5.4 MEDIUM
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
CVE-2019-20390 1 Intelliants 1 Subrion 2020-05-18 5.8 MEDIUM 8.1 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.