Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Subrion'
2021-08-06
CVE-2020-22330
CWE-79
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
2021-04-09
CVE-2020-23761
CWE-79
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
2020-11-04
CVE-2019-7356
CWE-79
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
2020-05-15
CVE-2019-20390
CWE-352
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.
CVE-2019-20389
CWE-79
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.
2020-04-29
CVE-2020-12469
CWE-502
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
CVE-2020-12468
NVD-CWE-Other
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.
CVE-2020-12467
CWE-384
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
2020-03-17
CVE-2018-21037
CWE-352
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
2019-10-06
CVE-2019-17225
CWE-79
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Subrion' 