Vulnerabilities > Intelliants > Subrion > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-17 | CVE-2018-21037 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | 6.8 |
| 2019-07-03 | CVE-2018-11317 | Cross-site Scripting vulnerability in Intelliants Subrion Subrion CMS before 4.1.4 has XSS. | 4.3 |
| 2018-10-02 | CVE-2018-15563 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. | 4.3 |
| 2018-08-02 | CVE-2018-14840 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | 4.3 |
| 2017-10-06 | CVE-2017-15063 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. | 6.8 |
| 2017-07-02 | CVE-2017-10795 | Cross-site Scripting vulnerability in Intelliants Subrion 4.1.4 Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. | 4.3 |
| 2014-12-10 | CVE-2014-9120 | Cross-Site Scripting vulnerability in Intelliants Subrion Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. | 4.3 |