CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14836
https://notcve.org/view.php?id=CVE-2018-14836
02 Aug 2018 — Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel. Subrion 4.2.1 es vulnerable a un control de acceso incorrecto debido a que los grupos de usuarios que no tienen acceso al panel Admin pueden acceder a él (pero no pueden realizar acciones) si el grupo de usuarios Guests tiene acceso al panel Admin. • https://github.com/intelliants/subrion/issues/762 • CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14835
https://notcve.org/view.php?id=CVE-2018-14835
02 Aug 2018 — Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. Subrion CMS v4.2.1 es vulnerable a Cross-Site Scripting (XSS) persistente debido a que no se añade escapado a la información tooltip que se muestra en múltiples áreas. • https://github.com/intelliants/subrion/issues/760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •