Vulnerabilities > Intelliants

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-08	CVE-2019-11406	Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. network intelliants CWE-79	4.3
2019-04-15	CVE-2017-18366	Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.1.5 Subrion CMS 4.1.5 has CSRF in blog/delete/. network intelliants CWE-352	6.8
2018-12-04	CVE-2018-16631	Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. network intelliants CWE-79	3.5
2018-12-04	CVE-2018-16629	Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. network intelliants CWE-79	3.5
2018-11-21	CVE-2018-19422	Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1 /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. network low complexity intelliants CWE-434	7.2
2018-10-02	CVE-2018-15563	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. network intelliants CWE-79	4.3
2018-09-01	CVE-2018-16327	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. network intelliants CWE-79	3.5
2018-08-02	CVE-2018-14840	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). network intelliants CWE-79	4.3
2017-10-06	CVE-2017-15063	Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. network intelliants CWE-352	6.8
2017-07-19	CVE-2017-11445	SQL Injection vulnerability in Intelliants Subrion CMS Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. network low complexity intelliants CWE-89	7.5

Vulnerabilities > Intelliants {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Intelliants"}]}

Vulnerabilities > Intelliants