Subrion Cms

subrion_cms

Vendor: Intelliants • 36 CVEs

CVEs (36)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-70958 1Intelliants 1Subrion Cms Feb 11, 2026 Feb 2, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted...Show more Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.Show less
CVE-2025-56556 1Intelliants 1Subrion Cms Nov 25, 2025 Sep 11, 2025 N/A· v4 3.8 LOW· v3 N/A· v2 An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the cont...Show more An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.Show less
CVE-2024-25399 1Intelliants 1Subrion Cms Mar 27, 2025 Feb 27, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.
CVE-2023-43875 1Intelliants 1Subrion Cms Nov 21, 2024 Oct 19, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminuse...Show more Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.Show less
CVE-2022-43121 1Intelliants 1Subrion Cms May 1, 2025 Nov 9, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
CVE-2022-43120 1Intelliants 1Subrion Cms May 1, 2025 Nov 9, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field defa...Show more A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.Show less
CVE-2022-37059 1Intelliants 1Subrion Cms Nov 21, 2024 Aug 29, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field
CVE-2021-41502 1Intelliants 1Subrion Cms Nov 21, 2024 Jun 11, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or ad...Show more An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.Show less
CVE-2021-43464 1Intelliants 1Subrion Cms Nov 21, 2024 Apr 4, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().
CVE-2020-18326 1Intelliants 1Subrion Cms Nov 21, 2024 Mar 4, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victi...Show more Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.Show less
CVE-2020-18325 1Intelliants 1Subrion Cms Nov 21, 2024 Mar 4, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
CVE-2020-18324 1Intelliants 1Subrion Cms Nov 21, 2024 Mar 4, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
CVE-2021-43724 1Intelliants 1Subrion Cms Nov 21, 2024 Feb 24, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.
CVE-2021-41947 1Intelliants 1Subrion Cms Nov 21, 2024 Oct 8, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
CVE-2020-22392 1Intelliants 1Subrion Cms Nov 21, 2024 Aug 5, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
CVE-2020-35437 1Intelliants 1Subrion Cms Nov 21, 2024 Dec 26, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
CVE-2019-7357 1Intelliants 1Subrion Cms Nov 21, 2024 Nov 10, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
CVE-2019-11406 1Intelliants 1Subrion Cms Nov 21, 2024 May 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
CVE-2017-18366 1Intelliants 1Subrion Cms Nov 21, 2024 Apr 15, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Subrion CMS 4.1.5 has CSRF in blog/delete/.
CVE-2018-16631 1Intelliants 1Subrion Cms Nov 21, 2024 Dec 4, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.

12 Next