cbcvebase.

Intelliants Subrion vulnerabilities

44 known vulnerabilities affecting intelliants/subrion.

Total CVEs
44
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH11MEDIUM30

Vulnerabilities

Page 2 of 3
CVE-2020-18324P4MEDIUM≥ 0, ≤ 4.2.12022-03-05
CVE-2020-18324 [MEDIUM] CWE-79 Cross-site Scripting in Subrion CMS Cross-site Scripting in Subrion CMS Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the `q` parameter in the Kickstart template.
ghsaosv
CVE-2020-18325P4MEDIUM≥ 0, ≤ 4.2.12022-03-05
CVE-2020-18325 [MEDIUM] CWE-79 Cross-site Scripting in intelliants/subrion Cross-site Scripting in intelliants/subrion Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
ghsaosv
CVE-2018-15563P4MEDIUMCVSS 6.1v4.2.12018-10-02
CVE-2018-15563 [MEDIUM] CWE-79 CVE-2018-15563: _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter.
ghsanvdosv
CVE-2019-7356P4MEDIUMCVSS 5.4v4.2.12020-11-04
CVE-2019-7356 [MEDIUM] CWE-79 CVE-2019-7356: Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
nvd
CVE-2023-43828P4MEDIUMCVSS 5.4v4.2.12023-09-27
CVE-2023-43828 [MEDIUM] CWE-79 CVE-2023-43828: A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.
ghsanvdosv
CVE-2021-41948P4MEDIUMCVSS 5.4≤ 4.2.12022-04-29
CVE-2021-41948 [MEDIUM] CWE-79 CVE-2021-41948: A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2. A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
ghsanvdosv
CVE-2023-43884P4MEDIUMCVSS 5.4v4.2.12023-09-28
CVE-2023-43884 [MEDIUM] CWE-79 CVE-2023-43884: A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.
ghsanvdosv
CVE-2025-70958P4MEDIUM≥ 0, ≤ 4.2.12026-02-03
CVE-2025-70958 [MEDIUM] CWE-79 Subrion CMS vulnerable to cross-site scripting Subrion CMS vulnerable to cross-site scripting Multiple reflected Cross-site Scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.
ghsaosv
CVE-2020-22330P4MEDIUMCVSS 6.1v4.2.12021-08-06
CVE-2020-22330 [MEDIUM] CWE-79 CVE-2020-22330: Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
ghsanvdosv
CVE-2023-43830P4MEDIUMCVSS 5.4v4.2.12023-09-27
CVE-2023-43830 [MEDIUM] CWE-79 CVE-2023-43830: A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allo A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
ghsanvdosv
CVE-2021-41502P4MEDIUM≥ 0, ≤ 4.2.12022-06-12
CVE-2021-41502 [MEDIUM] CWE-79 Cross site scripting in intelliants/subrion Cross site scripting in intelliants/subrion An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.
ghsaosv
CVE-2023-43875P4MEDIUM≥ 0, ≤ 4.2.12023-10-20
CVE-2023-43875 [MEDIUM] CWE-79 Subrion CMS vulnerable to Cross-site Scripting Subrion CMS vulnerable to Cross-site Scripting Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
ghsaosv
CVE-2018-14835P4MEDIUM≥ 0, ≤ 4.2.12022-05-14
CVE-2018-14835 [MEDIUM] CWE-79 Subrion CMS XSS Subrion CMS XSS Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.
ghsaosv
CVE-2020-22392P4MEDIUM≥ 0, ≤ 4.2.12021-09-01
CVE-2020-22392 [MEDIUM] CWE-79 Cross Site Scripting in Subrion CMS Cross Site Scripting in Subrion CMS Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
ghsaosv
CVE-2018-16327P4MEDIUMCVSS 4.8v4.2.12018-09-01
CVE-2018-16327 [MEDIUM] CWE-79 CVE-2018-16327: There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.
nvd
CVE-2022-43120P4MEDIUM≥ 0, ≤ 4.2.12022-11-09
CVE-2022-43120 [MEDIUM] CWE-79 Subrion CMS is vulnerable to Cross-Site Scripting (XSS) Subrion CMS is vulnerable to Cross-Site Scripting (XSS) A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
ghsaosv
CVE-2024-25399P4MEDIUM≥ 0, ≤ 4.2.12024-02-27
CVE-2024-25399 [MEDIUM] CWE-79 Subrion CMS vulnerable to Cross Site Scripting Subrion CMS vulnerable to Cross Site Scripting Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.
ghsaosv
CVE-2022-43121P4MEDIUM≥ 0, ≤ 4.2.12022-11-09
CVE-2022-43121 [MEDIUM] CWE-79 Subrion CMS is vulnerable to Cross-Site Scripting (XSS) Subrion CMS is vulnerable to Cross-Site Scripting (XSS) A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS in version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
ghsaosv
CVE-2014-9120P4MEDIUMCVSS 4.3≤ 3.2.22014-12-10
CVE-2014-9120 [MEDIUM] CWE-79 CVE-2014-9120: Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inje Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.
ghsanvdosv
CVE-2018-16629P4MEDIUM≥ 0, ≤ 4.2.12022-05-14
CVE-2018-16629 [MEDIUM] CWE-79 Subrion CMS XSS Subrion CMS XSS `panel/uploads/#elf_l1_XA` in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
ghsaosv
Intelliants Subrion vulnerabilities | cvebase