Vulnerabilities > Intelliants > Subrion > 4.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-29 | CVE-2021-41948 | Cross-site Scripting vulnerability in Intelliants Subrion A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". | 5.4 |
| 2021-04-09 | CVE-2020-23761 | Cross-site Scripting vulnerability in Intelliants Subrion Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. | 6.1 |
| 2020-04-29 | CVE-2020-12469 | Deserialization of Untrusted Data vulnerability in Intelliants Subrion admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | 6.5 |
| 2020-03-17 | CVE-2018-21037 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | 8.8 |
| 2019-07-03 | CVE-2018-11317 | Cross-site Scripting vulnerability in Intelliants Subrion Subrion CMS before 4.1.4 has XSS. | 6.1 |
| 2017-10-06 | CVE-2017-15063 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. | 8.8 |
| 2017-01-20 | CVE-2017-5543 | Code Injection vulnerability in Intelliants Subrion 4.0.5 includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | 9.8 |