Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21037 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | |||||
| CVE-2018-16327 | 1 Intelliants | 1 Subrion | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | |||||
| CVE-2018-15563 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. | |||||
| CVE-2018-14840 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | |||||
| CVE-2018-11317 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subrion CMS before 4.1.4 has XSS. | |||||