CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9120 – Subrion CMS 3.2.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-9120
09 Dec 2014 — Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. Vulnerabilidad de XSS en Subrion CMS anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de PATH_INFO en subrion/search/. Subrion CMS version 3.2.2 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/129447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 1%CPEs: 4EXPL: 4CVE-2012-4771 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4771
22 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Subrion CMS antes de v2.2.3, permi... • https://www.exploit-db.com/exploits/22159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2012-5452 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-5452
22 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[ac... • https://www.exploit-db.com/exploits/22159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2011-5212 – SUBRION CMS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5212
22 Oct 2012 — SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. Vulnerabilidad de inyección SQL en admin/index.php en Subrion CMS v2.0.4 permite a atacantes remotos ejecutar comandos SQL a través de (1) el nombre de usuario o (2) el campo de contraseña. • https://www.exploit-db.com/exploits/17390 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 3CVE-2012-4772 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4772
22 Oct 2012 — SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. Vulnerabilidad de inyección SQL en register/ en Subrion CMS antes de v2.2.3, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro plan_id. • https://www.exploit-db.com/exploits/22159 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2011-5211 – SUBRION CMS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5211
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo de encuestas en Subrion CMS v2.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo de título (title). NOTA: algu... • https://www.exploit-db.com/exploits/17390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 4%CPEs: 4EXPL: 6CVE-2012-4773 – Subrion CMS 2.2.1 - Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2012-4773
22 Oct 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/. Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en Subrion CMS antes de v2.2.3, permite a atacantes remotos secuestrar la autenticación de los administradores en ... • https://www.exploit-db.com/exploits/21267 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2010-4504
https://notcve.org/view.php?id=CVE-2010-4504
08 Dec 2010 — Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en eSyndiCat Directory v2.3 permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro title en (1) suggest-category.php y (2) suggest-listing.php. • http://osvdb.org/69638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2008-6924 – eSyndiCat 2.2 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6924
10 Aug 2009 — Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en register.php en eSyndiCat Directory v2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) "username... • https://www.exploit-db.com/exploits/32045 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2CVE-2009-1659 – eLitius 1.0 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2009-1659
17 May 2009 — Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. Vulnerabilidad de carga de archivos sin restricciones en admin/uploadimage.php en eLitius v1.0 permite a atacantes remotos saltarse las restricciones de acceso puestas y subir y ejecutar ficheros de su elección a través... • https://www.exploit-db.com/exploits/8603 •