Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
intelliants subrion vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-14840
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
Intelliants Subrion 4.2.1
1 EDB exploit
6.1
CVSSv3
CVE-2019-20389
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without p...
Intelliants Subrion 4.2.1
8.1
CVSSv3
CVE-2019-20390
A Cross-Site Request Forgery (CSRF) vulnerability exists in Subrion CMS 4.2.1 that allows a remote malicious user to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to vali...
Intelliants Subrion 4.2.1
6.1
CVSSv3
CVE-2017-10795
Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote malicious users to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.
Intelliants Subrion 4.1.4
4.8
CVSSv3
CVE-2021-43724
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS up to and including 4.2.1 in the Create Page functionality of the admin Account via a SGV file.
Intelliants Subrion Cms
6.5
CVSSv3
CVE-2020-12467
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
Intelliants Subrion 4.2.1
7.8
CVSSv3
CVE-2020-12468
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.
Intelliants Subrion 4.2.1
5.4
CVSSv3
CVE-2023-43828
A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.
Intelliants Subrion 4.2.1
5.4
CVSSv3
CVE-2023-43830
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or ...
Intelliants Subrion 4.2.1
5.4
CVSSv3
CVE-2023-43884
A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.
Intelliants Subrion 4.2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »