Intelliants >> Subrion CMS: Security Vulnerabilities

CVE-2021-43724
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2022-02-24

CVE-2021-41947
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
CVSS Score: 7.2
EPSS Score: 0.003
Published: 2021-10-08

CVE-2020-22392
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2021-08-05

CVE-2020-35437
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-12-26

CVE-2019-7357
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
CVSS Score: 8.8
EPSS Score: 0.016
Published: 2020-11-10

CVE-2019-11406
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-05-08

CVE-2017-18366
Subrion CMS 4.1.5 has CSRF in blog/delete/.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2019-04-15

CVE-2018-16629
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2018-12-04

CVE-2018-16631
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-12-04

CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
CVSS Score: 7.2
EPSS Score: 0.812
Published: 2018-11-21