
CVE-2018-19422 – Subrion CMS 4.2.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-19422
21 Nov 2018 — /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. • https://packetstorm.news/files/id/173998 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2018-16327
https://notcve.org/view.php?id=CVE-2018-16327
01 Sep 2018 — There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. • https://github.com/intelliants/subrion/issues/771 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-15563 – Subrion CMS 4.2.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-15563
21 Aug 2018 — _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. Subrion CMS version 4.2.1 suffers from a persistent cross-site scripting vulnerability. • https://packetstorm.news/files/id/149017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-14840 – Subrion CMS 4.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-14840
02 Aug 2018 — uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). Subrion CMS version 4.2.1 suffers from a cross-site scripting vulnerability. • https://packetstorm.news/files/id/148815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')