Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
subrion vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-21037
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
Intelliants Subrion
6.1
CVSSv3
CVE-2018-11317
Subrion CMS prior to 4.1.4 has XSS.
Intelliants Subrion
5.4
CVSSv3
CVE-2023-43828
A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.
Intelliants Subrion 4.2.1
5.4
CVSSv3
CVE-2023-43830
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or ...
Intelliants Subrion 4.2.1
5.4
CVSSv3
CVE-2023-43884
A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.
Intelliants Subrion 4.2.1
8.8
CVSSv3
CVE-2023-46947
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
Intelliants Subrion 4.2.1
6.1
CVSSv3
CVE-2020-22330
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
Intelliants Subrion 4.2.1
6.1
CVSSv3
CVE-2019-20389
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without p...
Intelliants Subrion 4.2.1
4.8
CVSSv3
CVE-2021-43724
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS up to and including 4.2.1 in the Create Page functionality of the admin Account via a SGV file.
Intelliants Subrion Cms
6.5
CVSSv3
CVE-2020-12467
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
Intelliants Subrion 4.2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »