Vulnerabilities > Intelliants

DATE CVE VULNERABILITY TITLE RISK
2020-12-26 CVE-2020-35437 Cross-Site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
4.3
2020-11-10 CVE-2019-7357 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/.
6.8
2020-11-04 CVE-2019-7356 Cross-Site Scripting vulnerability in Intelliants Subrion 4.2.1
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
3.5
2020-05-15 CVE-2019-20390 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion 4.2.1
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
5.8
2020-05-15 CVE-2019-20389 Cross-Site Scripting vulnerability in Intelliants Subrion 4.2.1
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page.
4.3
2020-04-29 CVE-2020-12469 Deserialization of Untrusted Data vulnerability in Intelliants Subrion
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
network
low complexity
intelliants CWE-502
5.5
2020-04-29 CVE-2020-12468 Unspecified vulnerability in Intelliants Subrion 4.2.1
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language.
network
intelliants
6.8
2020-04-29 CVE-2020-12467 Session Fixation vulnerability in Intelliants Subrion 4.2.1
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
network
low complexity
intelliants CWE-384
6.4
2020-03-17 CVE-2018-21037 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
6.8
2019-10-06 CVE-2019-17225 Cross-Site Scripting vulnerability in Intelliants Subrion 4.2.1
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
3.5