Intelliants

Subrion Cms

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-70958

Exploit
  • EPSS 0.01%
  • Veröffentlicht 02.02.2026 23:16:02
  • Zuletzt bearbeitet 11.02.2026 20:33:17

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpw...

3.8

CVE-2025-56556

Exploit
  • EPSS 0.05%
  • Veröffentlicht 11.09.2025 00:00:00
  • Zuletzt bearbeitet 25.11.2025 15:15:52

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.

6.1

CVE-2024-25399

  • EPSS 0.25%
  • Veröffentlicht 27.02.2024 16:15:46
  • Zuletzt bearbeitet 27.03.2025 14:55:13

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.

6.1

CVE-2023-43875

Exploit
  • EPSS 2.6%
  • Veröffentlicht 19.10.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:56

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.

6.1

CVE-2022-43121

Exploit
  • EPSS 0.64%
  • Veröffentlicht 09.11.2022 16:15:18
  • Zuletzt bearbeitet 01.05.2025 16:15:23

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

6.1

CVE-2022-43120

Exploit
  • EPSS 0.59%
  • Veröffentlicht 09.11.2022 16:15:18
  • Zuletzt bearbeitet 01.05.2025 15:15:56

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

4.8

CVE-2022-37059

Exploit
  • EPSS 0.26%
  • Veröffentlicht 29.08.2022 13:15:08
  • Zuletzt bearbeitet 21.11.2024 07:14:22

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field

5.4

CVE-2021-41502

Exploit
  • EPSS 0.21%
  • Veröffentlicht 11.06.2022 14:15:11
  • Zuletzt bearbeitet 21.11.2024 06:26:19

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

8.8

CVE-2021-43464

Exploit
  • EPSS 0.78%
  • Veröffentlicht 04.04.2022 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:29:16

A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().

8.8

CVE-2020-18326

Exploit
  • EPSS 1.64%
  • Veröffentlicht 04.03.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:08:32

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an a...