
CVE-2021-41947
https://notcve.org/view.php?id=CVE-2021-41947
08 Oct 2021 — A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. • https://github.com/intelliants/subrion/issues/887 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-35437 – Subrion CMS 4.2.1 - 'avatar[path]' XSS
https://notcve.org/view.php?id=CVE-2020-35437
26 Dec 2020 — Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. Subrion CMS version 4.2.1 suffers from a cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to Ismail Tasdelen in July of 2018. • https://packetstorm.news/files/id/160783 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-7357
https://notcve.org/view.php?id=CVE-2019-7357
10 Nov 2020 — Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins. • https://github.com/ngpentest007/CVE-2019-7357 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-11406
https://notcve.org/view.php?id=CVE-2019-11406
08 May 2019 — Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. • https://github.com/intelliants/subrion/commits/develop • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-16629
https://notcve.org/view.php?id=CVE-2018-16629
04 Dec 2018 — panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. • https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-16631
https://notcve.org/view.php?id=CVE-2018-16631
04 Dec 2018 — Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. • https://github.com/security-breachlock/CVE-2018-16631/blob/master/Subrion_cms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-19422 – Subrion CMS 4.2.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-19422
21 Nov 2018 — /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. • https://packetstorm.news/files/id/173998 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2018-14836
https://notcve.org/view.php?id=CVE-2018-14836
02 Aug 2018 — Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel. • https://github.com/intelliants/subrion/issues/762 • CWE-269: Improper Privilege Management

CVE-2018-14835
https://notcve.org/view.php?id=CVE-2018-14835
02 Aug 2018 — Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. • https://github.com/intelliants/subrion/issues/760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')