Every CVE whose affected-product data names Intelliants Subrion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2017-5543 — CVSS 9.8 (critical): includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted…
CVE-2024-25400 — CVSS 9.8 (critical): Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers…
CVE-2018-21037 — CVSS 8.8 (high): Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
CVE-2017-15063 — CVSS 8.8 (high): There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is…
CVE-2019-20390 — CVSS 8.1 (high): A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the…
CVE-2020-12468 — CVSS 7.8 (high): Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.
CVE-2020-12469 — CVSS 6.5 (medium): admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the…
CVE-2019-20389 — CVSS 6.1 (medium): An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary…
CVE-2020-23761 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the…
CVE-2018-14840 — CVSS 6.1 (medium): uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file…
CVE-2017-10795 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body…
CVE-2019-17225 — CVSS 5.4 (medium): Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
CVE-2021-41948 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
CVE-2023-43828 — CVSS 5.4 (medium): A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML…
CVE-2023-43830 — CVSS 5.4 (medium): A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web…
CVE-2023-43884 — CVSS 5.4 (medium): A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute…
CVE-2014-9120 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the…