Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
intelliants subrion vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-5543
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote malicious users to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
Intelliants Subrion 4.0.5
6.1
CVSSv3
CVE-2020-18324
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
Intelliants Subrion Cms 4.2.1
1 Github repository
6.1
CVSSv3
CVE-2020-18325
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
Intelliants Subrion Cms 4.2.1
1 Github repository
NA
CVE-2012-5452
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] p...
Intelliants Subrion Cms 2.2.1
1 EDB exploit
8.8
CVSSv3
CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
Intelliants Subrion Cms 4.2.1
1 Github repository
6.1
CVSSv3
CVE-2019-11406
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
Intelliants Subrion Cms 4.2.1
6.1
CVSSv3
CVE-2022-43120
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
Intelliants Subrion Cms 4.2.1
6.1
CVSSv3
CVE-2022-43121
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
Intelliants Subrion Cms 4.2.1
8.8
CVSSv3
CVE-2017-6002
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
Intelliants Subrion Cms 4.0.5.10
9.8
CVSSv3
CVE-2017-6013
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
Intelliants Subrion Cms 4.0.5.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »