Intelliants >> Subrion Security Vulnerabilities

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
CVSS Score: 6.1 | EPSS Score: 0.035 | Published: 2018-08-02

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2017-10-06

Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-02

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
CVSS Score: 9.8 | EPSS Score: 0.018 | Published: 2017-01-20

Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2014-12-10