Vulnerabilities > Intelliants > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-41947 | SQL Injection vulnerability in Intelliants Subrion CMS 4.2.1 A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. | 6.5 |
| 2021-08-06 | CVE-2020-22330 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. | 4.3 |
| 2021-04-09 | CVE-2020-23761 | Cross-site Scripting vulnerability in Intelliants Subrion Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. | 4.3 |
| 2020-12-26 | CVE-2020-35437 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. | 4.3 |
| 2020-11-10 | CVE-2019-7357 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. | 6.8 |
| 2020-05-15 | CVE-2019-20390 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion 4.2.1 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | 5.8 |
| 2020-05-15 | CVE-2019-20389 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. | 4.3 |
| 2020-04-29 | CVE-2020-12469 | Deserialization of Untrusted Data vulnerability in Intelliants Subrion admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | 5.5 |
| 2020-04-29 | CVE-2020-12468 | Unspecified vulnerability in Intelliants Subrion 4.2.1 Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. network intelliants | 6.8 |
| 2020-04-29 | CVE-2020-12467 | Session Fixation vulnerability in Intelliants Subrion 4.2.1 Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. | 6.4 |