Medium severity6.1NVD Advisory· Published Aug 2, 2018· Updated Jun 17, 2026
CVE-2018-14840
CVE-2018-14840
Description
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
intelliants/subrionPackagist | < 4.2.2 | 4.2.2 |
Affected products
1Patches
Vulnerability mechanics
References
7- github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47nvdPatchThird Party AdvisoryWEB
- www.exploit-db.com/exploits/45150/nvdExploitThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-vhqr-3gr2-7px9ghsaADVISORY
- github.com/intelliants/subrion/issues/773nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-14840ghsaADVISORY
- github.com/intelliants/subrion/commit/b12e287d3814c0f2d0b1892f95fc0190972d2ba5ghsaWEB
- www.exploit-db.com/exploits/45150ghsaWEB
News mentions
0No linked articles in our index yet.