Skip to main content

Subrion CVE-2019-17225

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-10-06 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 06, 2019 - 17:15 nvd
MEDIUM 5.4

DescriptionNVD

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.

AnalysisAI

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. Affected products include: Intelliants Subrion.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-25400 CRITICAL POC
9.8 Feb 27

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-46947 HIGH POC
8.8 Nov 03

Subrion 4.2.1 has a remote command execution vulnerability in the backend. Rated high severity (CVSS 8.8), this vulnerab

CVE-2020-12468 HIGH POC
7.8 Apr 29

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. Rated high severity (CVSS 7.8), this vulner

CVE-2020-12469 MEDIUM POC
6.5 Apr 29

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized

CVE-2020-12467 MEDIUM POC
6.5 Apr 29

Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. Rated medium severity (CVSS 6.5

CVE-2017-10795 MEDIUM POC
6.1 Jul 02

Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or

CVE-2017-5543 CRITICAL
9.8 Jan 20

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks

CVE-2018-14840 MEDIUM POC
6.1 Aug 02

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for exam

CVE-2023-43884 MEDIUM POC
5.4 Sep 28

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attacke

CVE-2023-43830 MEDIUM POC
5.4 Sep 27

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to exec

CVE-2023-43828 MEDIUM POC
5.4 Sep 27

A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary w

CVE-2017-15063 HIGH
8.8 Oct 06

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Rated hig

Share

CVE-2019-17225 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy