
CVE-2021-41947
https://notcve.org/view.php?id=CVE-2021-41947
08 Oct 2021 — A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. • https://github.com/intelliants/subrion/issues/887 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-22392
https://notcve.org/view.php?id=CVE-2020-22392
05 Aug 2021 — A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file. • https://github.com/intelliants/subrion/issues/868 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-35437 – Subrion CMS 4.2.1 - 'avatar[path]' XSS
https://notcve.org/view.php?id=CVE-2020-35437
26 Dec 2020 — Subrion CMS 4.2.1 is affected by Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. Subrion CMS version 4.2.1 suffers from a cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to Ismail Tasdelen in July of 2018. • https://packetstorm.news/files/id/160783 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-7357
https://notcve.org/view.php?id=CVE-2019-7357
10 Nov 2020 — Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins. • https://github.com/ngpentest007/CVE-2019-7357 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-11406
https://notcve.org/view.php?id=CVE-2019-11406
08 May 2019 — Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. • https://github.com/intelliants/subrion/commits/develop • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-18366
https://notcve.org/view.php?id=CVE-2017-18366
12 Apr 2019 — Subrion CMS 4.1.5 has CSRF in blog/delete/. • https://github.com/intelliants/subrion/issues/477 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-16629
https://notcve.org/view.php?id=CVE-2018-16629
04 Dec 2018 — panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. • https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-16631
https://notcve.org/view.php?id=CVE-2018-16631
04 Dec 2018 — Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. • https://github.com/security-breachlock/CVE-2018-16631/blob/master/Subrion_cms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-19422 – Subrion CMS 4.2.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-19422
21 Nov 2018 — /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. • https://packetstorm.news/files/id/173998 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2017-11444
https://notcve.org/view.php?id=CVE-2017-11444
19 Jul 2017 — Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. • https://github.com/intelliants/subrion/issues/479 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')