Vulnerabilities > Intelliants > Subrion CMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-08 CVE-2019-11406 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
network
low complexity
intelliants CWE-79
6.1
6.1
2018-12-04 CVE-2018-16631 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
network
low complexity
intelliants CWE-79
5.4
5.4
2018-12-04 CVE-2018-16629 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
network
low complexity
intelliants CWE-79
4.8
4.8