Subrion_cms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Subrion_cms
(Intelliants)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	33

Date	Id	Summary	Products	Score	Patch	Annotated
2022-11-09	CVE-2022-43120	A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.	Subrion_cms	6.1
2022-11-09	CVE-2022-43121	A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.	Subrion_cms	6.1
2020-12-26	CVE-2020-35437	Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.	Subrion_cms	6.1
2021-08-05	CVE-2020-22392	Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.	Subrion_cms	5.4
2021-10-08	CVE-2021-41947	A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.	Subrion_cms	7.2
2022-02-24	CVE-2021-43724	A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.	Subrion_cms	4.8
2022-03-04	CVE-2020-18324	Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.	Subrion_cms	6.1
2022-03-04	CVE-2020-18325	Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.	Subrion_cms	6.1
2022-03-04	CVE-2020-18326	Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.	Subrion_cms	8.8
2022-04-04	CVE-2021-43464	A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().	Subrion_cms	8.8