Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
subrion vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2015-4129
SQL injection vulnerability in Subrion CMS prior to 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.
Intelliants Subrion Cms
5.8
CVSSv2
CVE-2019-20390
A Cross-Site Request Forgery (CSRF) vulnerability exists in Subrion CMS 4.2.1 that allows a remote malicious user to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to vali...
Intelliants Subrion 4.2.1
4.3
CVSSv2
CVE-2018-14840
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
Intelliants Subrion 4.2.1
1 EDB exploit
NA
CVE-2023-43875
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local malicious user to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
Intelliants Subrion Cms 4.2.1
NA
CVE-2022-43120
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
Intelliants Subrion Cms 4.2.1
NA
CVE-2022-43121
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
Intelliants Subrion Cms 4.2.1
4.3
CVSSv2
CVE-2020-18324
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
Intelliants Subrion Cms 4.2.1
1 Github repository
6.8
CVSSv2
CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
Intelliants Subrion Cms 4.2.1
1 Github repository
3.5
CVSSv2
CVE-2020-22392
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
Intelliants Subrion Cms 4.2.2
4.3
CVSSv2
CVE-2020-35437
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
Intelliants Subrion Cms 4.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »