Intelliants: >> Subrion >> 4.2.0 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-29
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-04-09
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-04-29