Vulnerabilities > Intelliants
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2018-11317 | Cross-site Scripting vulnerability in Intelliants Subrion Subrion CMS before 4.1.4 has XSS. | 6.1 |
| 2019-05-08 | CVE-2019-11406 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. | 6.1 |
| 2019-04-15 | CVE-2017-18366 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.1.5 Subrion CMS 4.1.5 has CSRF in blog/delete/. | 8.8 |
| 2018-12-04 | CVE-2018-16631 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | 5.4 |
| 2018-12-04 | CVE-2018-16629 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | 4.8 |
| 2018-11-21 | CVE-2018-19422 | Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1 /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | 7.2 |
| 2018-10-02 | CVE-2018-15563 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. | 6.1 |
| 2018-09-01 | CVE-2018-16327 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | 4.8 |
| 2018-08-02 | CVE-2018-14840 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | 6.1 |
| 2017-10-06 | CVE-2017-15063 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. | 8.8 |