Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-28	CVE-2023-43884	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter. network low complexity intelliants CWE-79	5.4
2023-09-27	CVE-2023-43828	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter. network low complexity intelliants CWE-79	5.4
2023-09-27	CVE-2023-43830	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. network low complexity intelliants CWE-79	5.4
2021-08-06	CVE-2020-22330	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. network intelliants CWE-79	4.3
2021-04-09	CVE-2020-23761	Cross-site Scripting vulnerability in Intelliants Subrion Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. network intelliants CWE-79	4.3
2020-05-15	CVE-2019-20390	Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion 4.2.1 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. network intelliants CWE-352	5.8
2020-05-15	CVE-2019-20389	Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. network intelliants CWE-79	4.3
2020-04-29	CVE-2020-12469	Deserialization of Untrusted Data vulnerability in Intelliants Subrion admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. network low complexity intelliants CWE-502	5.5
2020-04-29	CVE-2020-12468	Unspecified vulnerability in Intelliants Subrion 4.2.1 Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. network intelliants	6.8
2020-04-29	CVE-2020-12467	Session Fixation vulnerability in Intelliants Subrion 4.2.1 Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. network low complexity intelliants CWE-384	6.4