Intelliants

Subrion Cms

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2026-12202

Exploit
  • EPSS 0.21%
  • Veröffentlicht 15.06.2026 00:45:08
  • Zuletzt bearbeitet 16.06.2026 04:17:17

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack m...

6.1

CVE-2025-70958

Exploit
  • EPSS 0.25%
  • Veröffentlicht 02.02.2026 23:16:02
  • Zuletzt bearbeitet 11.02.2026 20:33:17

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpw...

3.8

CVE-2025-56556

Exploit
  • EPSS 0.19%
  • Veröffentlicht 11.09.2025 00:00:00
  • Zuletzt bearbeitet 25.11.2025 15:15:52

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.

6.1

CVE-2024-25399

  • EPSS 0.35%
  • Veröffentlicht 27.02.2024 16:15:46
  • Zuletzt bearbeitet 27.03.2025 14:55:13

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.

6.1

CVE-2023-43875

Exploit
  • EPSS 0.76%
  • Veröffentlicht 19.10.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:56

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.

6.1

CVE-2022-43121

Exploit
  • EPSS 0.58%
  • Veröffentlicht 09.11.2022 16:15:18
  • Zuletzt bearbeitet 01.05.2025 16:15:23

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

6.1

CVE-2022-43120

Exploit
  • EPSS 0.5%
  • Veröffentlicht 09.11.2022 16:15:18
  • Zuletzt bearbeitet 01.05.2025 15:15:56

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

4.8

CVE-2022-37059

Exploit
  • EPSS 0.46%
  • Veröffentlicht 29.08.2022 13:15:08
  • Zuletzt bearbeitet 21.11.2024 07:14:22

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field

5.4

CVE-2021-41502

Exploit
  • EPSS 0.51%
  • Veröffentlicht 11.06.2022 14:15:11
  • Zuletzt bearbeitet 21.11.2024 06:26:19

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

8.8

CVE-2021-43464

Exploit
  • EPSS 1.36%
  • Veröffentlicht 04.04.2022 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:29:16

A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().