Search Results | AttackerKB

Show filters

Topics 35 Users 9,711

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

35 Total Results

Displaying 11-20 of 35

Attacker Value

Unknown

CVE-2021-43724

Disclosure Date: February 24, 2022 (last updated October 07, 2023)

A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.

Attack Vector: Network Privileges: High User Interaction: Required

0

Attacker Value

Unknown

CVE-2020-22392

Disclosure Date: August 05, 2021 (last updated February 23, 2025)

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2020-35437

Disclosure Date: December 26, 2020 (last updated February 22, 2025)

Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-7357

Disclosure Date: November 10, 2020 (last updated February 22, 2025)

Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-11406

Disclosure Date: May 08, 2019 (last updated November 27, 2024)

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.

0

Attacker Value

Unknown

CVE-2017-18366

Disclosure Date: April 15, 2019 (last updated November 27, 2024)

Subrion CMS 4.1.5 has CSRF in blog/delete/.

0

Attacker Value

Unknown

CVE-2018-16631

Disclosure Date: December 04, 2018 (last updated November 27, 2024)

Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.

0

Attacker Value

Unknown

CVE-2018-16629

Disclosure Date: December 04, 2018 (last updated November 27, 2024)

panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.

0

Attacker Value

Unknown

CVE-2018-19422

Disclosure Date: November 21, 2018 (last updated November 27, 2024)

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

Attack Vector: Network Privileges: High User Interaction: None

0

Attacker Value

Unknown

CVE-2018-14835

Disclosure Date: August 02, 2018 (last updated November 27, 2024)

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.

0