CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-43875
https://notcve.org/view.php?id=CVE-2023-43875
19 Oct 2023 — Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en la instalación de Subrion CMS v.4.2.1 permiten a un atacante local ejecutar scripts web arbitrarios a través de un payload manipulado inyectado en bhost, dbname, dbuser, adminusername y adminemail. • https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43121
https://notcve.org/view.php?id=CVE-2022-43121
09 Nov 2022 — A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. Una vulnerabilidad de Cross-Site Scripting (XSS) en la página CMS Field Add de Intelliants Subrion CMS v4.2.1 permite a los atacantes ejecutar script web arbitrarios o HTML a través de un payload manipulado inyectado en el campo de texto de información sobre herramientas. • https://github.com/intelliants/subrion/issues/895 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43120
https://notcve.org/view.php?id=CVE-2022-43120
09 Nov 2022 — A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. Una vulnerabilidad de Cross Site Scripting (XSS) en el componente /panel/fields/add de Intelliants Subrion CMS v4.2.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo de texto del valor predeterminad... • https://github.com/intelliants/subrion/issues/894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37059
https://notcve.org/view.php?id=CVE-2022-37059
29 Aug 2022 — Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el Panel de Administración de Subrion CMS versión 4.2.1, permite a un atacante inyectar código arbitrario por medio del Campo Login • https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41502
https://notcve.org/view.php?id=CVE-2021-41502
11 Jun 2022 — An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. Se ha detectado un problema en Subrion CMS versión v4.2.1, Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenada que puede ejecutar código JavaScript malicioso al modificar el nombre de la imagen cargada, cerrar la etiqueta html o añadir el ... • https://github.com/intelliants/subrion/issues/885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43464
https://notcve.org/view.php?id=CVE-2021-43464
04 Apr 2022 — A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval(). Se presenta una vulnerabilidad de Ejecución de Código Remoto (RCE) en Subrion CMS versión 4.2.1, por medio de código modificado en un campo de fondo; cuando la información es modificada, los datos en ella serán ejecutados mediante eval() • https://github.com/intelliants/subrion/issues/888 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18325
https://notcve.org/view.php?id=CVE-2020-18325
04 Mar 2022 — Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) múltiple en Intelliants Subrion CMS versión v4.2.1 en el panel de Configuración • https://github.com/hamm0nz/CVE-2020-18325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18324
https://notcve.org/view.php?id=CVE-2020-18324
04 Mar 2022 — Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Subrion CMS versión 4.2.1, por medio del parámetro q en la plantilla Kickstart • https://github.com/hamm0nz/CVE-2020-18324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18326
https://notcve.org/view.php?id=CVE-2020-18326
04 Mar 2022 — Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. Se presenta una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en Intelliants Subrion CMS versión v4.2.1, por medio de la función Members administrator, que podría permitir a un usuario remoto malicioso no autenticado envia... • https://github.com/hamm0nz/CVE-2020-18326 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43724
https://notcve.org/view.php?id=CVE-2021-43724
23 Feb 2022 — A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Subrion CMS versiones hasta 4.2.1, en la funcionalidad Create Page de la Cuenta del administrador por medio de un archivo SGV • https://github.com/intelliants/subrion/issues/890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •