Intelliants Subrion CMS vulnerabilities
36 known vulnerabilities affecting intelliants/subrion_cms.
Total CVEs: 36
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 11, MEDIUM 20, LOW 2
Vulnerabilities
Page 2 of 2
CVE-2020-18324 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2022-03-04
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
nvd
CVE-2020-18325 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2022-03-04
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
nvd
CVE-2025-70958 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2026-02-02
Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary JavaScript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.
nvd
CVE-2021-41502 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | v4.2.1 | 2022-06-11
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute.
nvd
CVE-2019-11406 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2019-05-08
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
nvd
CVE-2023-43875 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2023-10-19
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allow a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
nvd
CVE-2020-22392 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | v4.2.2 | 2021-08-05
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
nvd
CVE-2022-43120 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2022-11-09
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
nvd
CVE-2024-25399 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2024-02-27
Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.
nvd
CVE-2018-16631 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | v4.2.1 | 2018-12-04
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
nvd
CVE-2022-43121 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | v4.2.1 | 2022-11-09
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
nvd
CVE-2018-16629 | P4 | MEDIUM | CWE-79 | CVSS 4.8 | v4.2.1 | 2018-12-04
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
nvd
CVE-2021-43724 | P4 | MEDIUM | CWE-79 | CVSS 4.8 | ≤ 4.2.1 | 2022-02-24
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file.
nvd
CVE-2025-56556 | P4 | LOW | CWE-566 | CVSS 3.8 | v4.2.1 | 2025-09-11
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context of the SQL query tool.
nvd
CVE-2022-37059 | P4 | MEDIUM | CWE-79 | CVSS 4.8 | v4.2.1 | 2022-08-29
Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows an attacker to inject arbitrary code via the Login Field.
nvd
CVE-2026-12202 | P4 | LOW | CWE-79 | CVSS 2.4 | v4.0.0, v4.0.1 +2 more | 2026-06-15
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was con
nvd