RSS   Podatności dla 'Subrion cms'   RSS

2022-06-11
 
CVE-2021-41502

CWE-79
 
 
An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

 
2022-04-04
 
CVE-2021-43464

NVD-CWE-noinfo
 
 
A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().

 
2022-03-04
 
CVE-2020-18324

CWE-79
 
 
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.

 
 
CVE-2020-18325

CWE-79
 
 
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.

 
 
CVE-2020-18326

CWE-352
 
 
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.

 
2022-02-24
 
CVE-2021-43724

CWE-79
 
 
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.

 
2021-10-08
 
CVE-2021-41947

CWE-89
 
 
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.

 
2021-08-05
 
CVE-2020-22392

CWE-79
 
 
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.

 
2020-12-26
 
CVE-2020-35437

CWE-79
 
 
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.

 
2019-05-08
 
CVE-2019-11406

CWE-79
 
 
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top