
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Oct 2017 — There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. • https://github.com/intelliants/subrion/issues/547 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jul 2017 — Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. A cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the body of blog/add/. This vulnerability is different from CVE-2017-6069. • http://www.securityfocus.com/bid/99378 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2017 — includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. • http://www.securityfocus.com/bid/95688 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Dec 2014 — Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. Subrion CMS version 3.2.2 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/129447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')