Vulnerabilities for Subrion cms (...) - CXSECURITY.COM

Vulnerabilities for 'Subrion cms'

2022-06-11

CVE-2021-41502

CWE-79

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

2022-04-04

CVE-2021-43464

NVD-CWE-noinfo

A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().

2022-03-04

CVE-2020-18324

CWE-79

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.

CVE-2020-18325

CWE-79

Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.

CVE-2020-18326

CWE-352

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.

2022-02-24

CVE-2021-43724

CWE-79

A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.

2021-10-08

CVE-2021-41947

CWE-89

A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.

2021-08-05

CVE-2020-22392

CWE-79

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.

2020-12-26

CVE-2020-35437

CWE-79

Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.

2019-05-08

CVE-2019-11406

CWE-79

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.

Copyright 2024, cxsecurity.com