Vulnerabilities > Intelliants

DATE CVE VULNERABILITY TITLE RISK
2021-10-08 CVE-2021-41947 SQL Injection vulnerability in Intelliants Subrion CMS 4.2.1
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
network
low complexity
intelliants CWE-89
6.5
2021-08-06 CVE-2020-22330 Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
4.3
2021-08-05 CVE-2020-22392 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.2
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
3.5
2021-07-14 CVE-2020-18155 SQL Injection vulnerability in Intelliants Subrion 4.2.1
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
network
low complexity
intelliants CWE-89
7.5
2021-04-09 CVE-2020-23761 Cross-site Scripting vulnerability in Intelliants Subrion
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
4.3
2020-12-26 CVE-2020-35437 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
4.3
2020-11-10 CVE-2019-7357 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/.
6.8
2020-11-04 CVE-2019-7356 Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
3.5
2020-05-15 CVE-2019-20390 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion 4.2.1
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
5.8
2020-05-15 CVE-2019-20389 Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page.
4.3