Intelliants: >> Subrion Cms Security Vulnerabilities
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
CVSS Score
8.8
EPSS Score
0.016
Published
2022-03-04
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-02-24
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-10-08
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-05
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-12-26
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
CVSS Score
8.8
EPSS Score
0.016
Published
2020-11-10
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-08
Subrion CMS 4.1.5 has CSRF in blog/delete/.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-04-15
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-04
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-12-04