Filtered by vendor Intelliants
Subscribe
Search
Total
19 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35437 | 1 Intelliants | 1 Subrion Cms | 2022-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. | |||||
| CVE-2021-41502 | 1 Intelliants | 1 Subrion Cms | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. | |||||
| CVE-2021-41948 | 1 Intelliants | 1 Subrion | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". | |||||
| CVE-2020-22330 | 1 Intelliants | 1 Subrion | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. | |||||
| CVE-2020-22392 | 1 Intelliants | 1 Subrion Cms | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file. | |||||
| CVE-2020-23761 | 1 Intelliants | 1 Subrion | 2021-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. | |||||
| CVE-2019-7356 | 1 Intelliants | 1 Subrion | 2020-11-10 | 3.5 LOW | 5.4 MEDIUM |
| Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. | |||||
| CVE-2019-20389 | 1 Intelliants | 1 Subrion | 2020-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding. | |||||
| CVE-2020-12469 | 1 Intelliants | 1 Subrion | 2020-05-05 | 5.5 MEDIUM | 6.5 MEDIUM |
| admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | |||||
| CVE-2020-12467 | 1 Intelliants | 1 Subrion | 2020-05-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. | |||||
| CVE-2019-17225 | 1 Intelliants | 1 Subrion | 2019-10-08 | 3.5 LOW | 5.4 MEDIUM |
| Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. | |||||
| CVE-2018-11317 | 1 Intelliants | 1 Subrion | 2019-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subrion CMS before 4.1.4 has XSS. | |||||
| CVE-2019-11406 | 1 Intelliants | 1 Subrion Cms | 2019-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. | |||||
| CVE-2018-16631 | 1 Intelliants | 1 Subrion Cms | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | |||||
| CVE-2018-16629 | 1 Intelliants | 1 Subrion Cms | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | |||||
| CVE-2018-16327 | 1 Intelliants | 1 Subrion | 2018-11-09 | 3.5 LOW | 4.8 MEDIUM |
| There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | |||||
| CVE-2018-15563 | 1 Intelliants | 1 Subrion | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. | |||||
| CVE-2018-14840 | 1 Intelliants | 1 Subrion | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | |||||
| CVE-2017-10795 | 1 Intelliants | 1 Subrion | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. | |||||