Packagist (Composer) package

intelliants/subrion

pkg:composer/intelliants/subrion

Vulnerabilities (42)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2017-5543	Cri	9.8		>= 4.0.5, < 4.1.0	4.1.0	Jan 20, 2017	includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
CVE-2014-9120		—		< 3.2.3	3.2.3	Dec 10, 2014	Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.

CVE-2017-5543CriJan 20, 2017
affected >= 4.0.5, < 4.1.0fixed 4.1.0
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
CVE-2014-9120Dec 10, 2014
affected < 3.2.3fixed 3.2.3
Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.

Page 3 of 3