Intelliants » Subrion » 4.0.5 : Security Vulnerabilities, CVEs
A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS version <= 4.2.1 via "List of subjects".
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-04-29 | Updated: 2022-05-10
Cross-site scripting (XSS) vulnerability in Subrion CMS version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on the transactions tab.
Max CVSS: 6.1 | EPSS Score: 0.15% | Published: 2021-04-09 | Updated: 2021-04-13
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2020-04-29 | Updated: 2020-05-05
Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI.
Max CVSS: 8.8 | EPSS Score: 0.11% | Published: 2020-03-17 | Updated: 2020-03-20
Subrion CMS before 4.1.4 has XSS.
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2019-07-03 | Updated: 2019-07-05
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
Max CVSS: 8.8 | EPSS Score: 0.05% | Published: 2017-10-06 | Updated: 2018-11-08
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
Max CVSS: 9.8 | EPSS Score: 0.31% | Published: 2017-01-20 | Updated: 2018-11-08
7 vulnerabilities found