Skip to main content

Subrion CVE-2018-16327

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-09-01 cve@mitre.org
4.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 01, 2018 - 22:29 nvd
MEDIUM 4.8

DescriptionNVD

There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.

AnalysisAI

There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. Affected products include: Intelliants Subrion.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-25400 CRITICAL POC
9.8 Feb 27

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-46947 HIGH POC
8.8 Nov 03

Subrion 4.2.1 has a remote command execution vulnerability in the backend. Rated high severity (CVSS 8.8), this vulnerab

CVE-2020-12468 HIGH POC
7.8 Apr 29

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. Rated high severity (CVSS 7.8), this vulner

CVE-2020-12469 MEDIUM POC
6.5 Apr 29

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized

CVE-2020-12467 MEDIUM POC
6.5 Apr 29

Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. Rated medium severity (CVSS 6.5

CVE-2017-10795 MEDIUM POC
6.1 Jul 02

Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or

CVE-2017-5543 CRITICAL
9.8 Jan 20

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks

CVE-2018-14840 MEDIUM POC
6.1 Aug 02

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for exam

CVE-2023-43884 MEDIUM POC
5.4 Sep 28

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attacke

CVE-2023-43830 MEDIUM POC
5.4 Sep 27

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to exec

CVE-2023-43828 MEDIUM POC
5.4 Sep 27

A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary w

CVE-2019-17225 MEDIUM POC
5.4 Oct 06

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" i

Share

CVE-2018-16327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy