
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

03 Nov 2023 — Subrion 4.2.1 has a remote command execution vulnerability in the backend. • https://github.com/intelliants/subrion/issues/909 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

28 Sep 2023 — A cross-site scripting (XSS) vulnerability in the Reference ID field of the Transactions panel in Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Reference ID' parameter. • https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Sep 2023 — A cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter. • https://github.com/al3zx/xss_languages_subrion_4.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Sep 2023 — A cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. • https://github.com/al3zx/xss_financial_subrion_4.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

29 Apr 2022 — A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS version <= 4.2.1 via "List of subjects". • https://github.com/intelliants/subrion-plugin-contact_us/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

06 Aug 2021 — Cross-site scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. • https://github.com/intelliants/subrion/issues/850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

14 Jul 2021 — SQL injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. • https://github.com/intelliants/subrion/issues/817 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

09 Apr 2021 — Cross-site scripting (XSS) vulnerability in Subrion CMS version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on the transactions tab. • http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

04 Nov 2020 — Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. • https://github.com/ngpentest007/CVE-2019-7356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

14 May 2020 — An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding. • https://packetstorm.news/files/id/157699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')