Search Results | AttackerKB

68 Total Results

Displaying 11-20 of 68

Attacker Value

Unknown

CVE-2021-41502

Disclosure Date: June 11, 2022 (last updated October 07, 2023)

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

Attacker Value

Unknown

CVE-2021-41948

Disclosure Date: April 29, 2022 (last updated October 07, 2023)

A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2021-43464

Disclosure Date: April 04, 2022 (last updated October 07, 2023)

A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2020-18326

Disclosure Date: March 04, 2022 (last updated October 07, 2023)

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.

Attack Vector: Network Privileges: None User Interaction: Required