Subrion CMS
by Intelliants
Source repositories
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-43121 | 0.00 | — | 0.01 | Nov 9, 2022 | A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. | |||
| CVE-2021-43724 | 0.00 | — | 0.00 | Feb 23, 2022 | A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. | |||
| CVE-2021-41947 | 0.00 | — | 0.01 | Oct 8, 2021 | A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. | |||
| CVE-2019-7356 | 0.00 | — | 0.01 | Nov 4, 2020 | Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. | |||
| CVE-2019-11406 | 0.00 | — | 0.01 | May 8, 2019 | Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. | |||
| CVE-2017-18366 | 0.00 | — | 0.01 | Apr 12, 2019 | Subrion CMS 4.1.5 has CSRF in blog/delete/. | |||
| CVE-2018-16631 | 0.00 | — | 0.01 | Dec 4, 2018 | Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | |||
| CVE-2015-4129 | 0.00 | — | 0.01 | Jul 5, 2015 | SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. | |||
| CVE-2014-9120 | 0.00 | — | 0.01 | Dec 10, 2014 | Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. |
- CVE-2022-43121Nov 9, 2022risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
- CVE-2021-43724Feb 23, 2022risk 0.00cvss —epss 0.00
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.
- CVE-2021-41947Oct 8, 2021risk 0.00cvss —epss 0.01
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
- CVE-2019-7356Nov 4, 2020risk 0.00cvss —epss 0.01
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
- CVE-2019-11406May 8, 2019risk 0.00cvss —epss 0.01
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
- CVE-2017-18366Apr 12, 2019risk 0.00cvss —epss 0.01
Subrion CMS 4.1.5 has CSRF in blog/delete/.
- CVE-2018-16631Dec 4, 2018risk 0.00cvss —epss 0.01
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
- CVE-2015-4129Jul 5, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.
- CVE-2014-9120Dec 10, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.
Page 2 of 2