CVE-2012-5452
- EPSS 18.66%
- Veröffentlicht 22.10.2012 23:55:10
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5)...
CVE-2012-4773
- EPSS 6.31%
- Veröffentlicht 22.10.2012 23:55:08
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an ...
CVE-2012-4772
- EPSS 2.16%
- Veröffentlicht 22.10.2012 23:55:08
- Zuletzt bearbeitet 11.04.2025 00:51:21
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
CVE-2012-4771
- EPSS 7.24%
- Veröffentlicht 22.10.2012 23:55:08
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) gro...
CVE-2011-5211
- EPSS 1.05%
- Veröffentlicht 22.10.2012 23:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this m...
CVE-2011-5212
- EPSS 0.37%
- Veröffentlicht 22.10.2012 23:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.