
CVE-2021-41948
https://notcve.org/view.php?id=CVE-2021-41948
29 Apr 2022 — A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". • https://github.com/intelliants/subrion-plugin-contact_us/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-23761
https://notcve.org/view.php?id=CVE-2020-23761
09 Apr 2021 — Cross-site scripting (XSS) vulnerability in Subrion CMS version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on the transactions tab. • http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-12469
https://notcve.org/view.php?id=CVE-2020-12469
29 Apr 2020 — admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. • https://github.com/belong2yourself/vulnerabilities/tree/master/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection • CWE-502: Deserialization of Untrusted Data

CVE-2018-21037
https://notcve.org/view.php?id=CVE-2018-21037
17 Mar 2020 — Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI. • https://github.com/intelliants/subrion/issues/638 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-11317
https://notcve.org/view.php?id=CVE-2018-11317
03 Jul 2019 — Subrion CMS before 4.1.4 has XSS. • https://github.com/intelliants/subrion/blob/610b21d3ff185bd287d55fe016d4266abf04a3bf/includes/classes/ia.admin.sitemap.php#L79-L83 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-15063
https://notcve.org/view.php?id=CVE-2017-15063
06 Oct 2017 — There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. • https://github.com/intelliants/subrion/issues/547 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-10795
https://notcve.org/view.php?id=CVE-2017-10795
02 Jul 2017 — Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. • http://www.securityfocus.com/bid/99378 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-5543
https://notcve.org/view.php?id=CVE-2017-5543
20 Jan 2017 — includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. • http://www.securityfocus.com/bid/95688 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2014-9120 – Subrion CMS 3.2.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-9120
09 Dec 2014 — Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. Subrion CMS version 3.2.2 suffers from a cross-site scripting vulnerability. • https://packetstorm.news/files/id/129447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')