CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46947
https://notcve.org/view.php?id=CVE-2023-46947
03 Nov 2023 — Subrion 4.2.1 has a remote command execution vulnerability in the backend. Subrion 4.2.1 tiene una vulnerabilidad de ejecución remota de comandos en el backend. • https://github.com/intelliants/subrion/issues/909 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-43875
https://notcve.org/view.php?id=CVE-2023-43875
19 Oct 2023 — Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en la instalación de Subrion CMS v.4.2.1 permiten a un atacante local ejecutar scripts web arbitrarios a través de un payload manipulado inyectado en bhost, dbname, dbuser, adminusername y adminemail. • https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43884
https://notcve.org/view.php?id=CVE-2023-43884
28 Sep 2023 — A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en el ID de Referencia del panel Transacciones de Subrion v4.2.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro 'ID de referencia'. • https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43828
https://notcve.org/view.php?id=CVE-2023-43828
27 Sep 2023 — A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter. Una vulnerabilidad de cross-site scripting (XSS) en /panel/languages/ de Subrion v4.2.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro 'Title'. • https://github.com/al3zx/xss_languages_subrion_4.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43830
https://notcve.org/view.php?id=CVE-2023-43830
27 Sep 2023 — A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. Una vulnerabilidad de Cross-Site Scripting (XSS) en /panel/configuration/financial/ de Subrion v4.2.1 permite a los atacantes ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en varios campos: 'Minimum dep... • https://github.com/al3zx/xss_financial_subrion_4.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43121
https://notcve.org/view.php?id=CVE-2022-43121
09 Nov 2022 — A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. Una vulnerabilidad de Cross-Site Scripting (XSS) en la página CMS Field Add de Intelliants Subrion CMS v4.2.1 permite a los atacantes ejecutar script web arbitrarios o HTML a través de un payload manipulado inyectado en el campo de texto de información sobre herramientas. • https://github.com/intelliants/subrion/issues/895 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43120
https://notcve.org/view.php?id=CVE-2022-43120
09 Nov 2022 — A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. Una vulnerabilidad de Cross Site Scripting (XSS) en el componente /panel/fields/add de Intelliants Subrion CMS v4.2.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo de texto del valor predeterminad... • https://github.com/intelliants/subrion/issues/894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37059
https://notcve.org/view.php?id=CVE-2022-37059
29 Aug 2022 — Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el Panel de Administración de Subrion CMS versión 4.2.1, permite a un atacante inyectar código arbitrario por medio del Campo Login • https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41502
https://notcve.org/view.php?id=CVE-2021-41502
11 Jun 2022 — An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. Se ha detectado un problema en Subrion CMS versión v4.2.1, Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenada que puede ejecutar código JavaScript malicioso al modificar el nombre de la imagen cargada, cerrar la etiqueta html o añadir el ... • https://github.com/intelliants/subrion/issues/885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41948
https://notcve.org/view.php?id=CVE-2021-41948
29 Apr 2022 — A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin "contact us" para Subrion CMS versiones anteriores a 4.2.1 incluyéndola, por medio de "List of subjects" • https://github.com/intelliants/subrion-plugin-contact_us/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •