Intelliants: >> Subrion >> 3.2.5 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-29
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-04-09
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-04-29
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-03-17
Subrion CMS before 4.1.4 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-03
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-10-06