U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:intelliants:subrion_cms:2.2.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2021-43724

A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.

Published: February 24, 2022; 10:15:23 AM -0500 		V3.1: 4.8 MEDIUM
 V2.0: 3.5 LOW
CVE-2017-11445

Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.

Published: July 19, 2017; 3:29:00 AM -0400 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2017-11444

Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.

Published: July 19, 2017; 3:29:00 AM -0400 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2015-4129

SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.

Published: July 05, 2015; 6:59:01 AM -0400 		V3.x:(not available)
 V2.0: 6.5 MEDIUM
CVE-2012-5452

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.

Published: October 22, 2012; 7:55:10 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2012-4773

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.

Published: October 22, 2012; 7:55:08 PM -0400 		V3.x:(not available)
 V2.0: 6.8 MEDIUM
CVE-2012-4772

SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.

Published: October 22, 2012; 7:55:08 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2012-4771

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452.

Published: October 22, 2012; 7:55:08 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM