CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jul 2019 — Subrion CMS before 4.1.4 has XSS. • https://github.com/intelliants/subrion/blob/610b21d3ff185bd287d55fe016d4266abf04a3bf/includes/classes/ia.admin.sitemap.php#L79-L83 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 May 2019 — Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. • https://github.com/intelliants/subrion/commits/develop • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Apr 2019 — Subrion CMS 4.1.5 has CSRF in blog/delete/. • https://github.com/intelliants/subrion/issues/477 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Dec 2018 — panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. • https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Dec 2018 — Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. • https://github.com/security-breachlock/CVE-2018-16631/blob/master/Subrion_cms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 92% • CPEs: 1 • EXPL: 7

21 Nov 2018 — /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. • https://packetstorm.news/files/id/173998 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Sep 2018 — There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. • https://github.com/intelliants/subrion/issues/771 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Aug 2018 — _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. Subrion CMS version 4.2.1 suffers from a persistent cross-site scripting vulnerability. • https://packetstorm.news/files/id/149017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

02 Aug 2018 — uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). Subrion CMS version 4.2.1 suffers from a cross-site scripting vulnerability. • https://packetstorm.news/files/id/148815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Oct 2017 — There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. • https://github.com/intelliants/subrion/issues/547 • CWE-352: Cross-Site Request Forgery (CSRF)