{"url":"http://public2.vulnerablecode.io/api/packages/213577?format=json","purl":"pkg:composer/intelliants/subrion@4.0.2","type":"composer","namespace":"intelliants","name":"subrion","version":"4.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43833?format=json","vulnerability_id":"VCID-1488-cs1g-9bh5","summary":"Cross-Site Request Forgery (CSRF)\nSubrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6068","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43121","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43085","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43159","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43167","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43146","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43111","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6068"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://web.archive.org/web/20210126223835/http://www.securityfocus.com/bid/97091","reference_id":"","reference_type"
:"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210126223835/http://www.securityfocus.com/bid/97091"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6068","reference_id":"CVE-2017-6068","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6068"},{"reference_url":"https://github.com/advisories/GHSA-q4h5-g3w8-f9x7","reference_id":"GHSA-q4h5-g3w8-f9x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4h5-g3w8-f9x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53204?format=json","purl":"pkg:composer/intelliants/subrion@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xpw-sdr9-1fat"},{"vulnerability":"VCID-2xwt-jreg-c3de"},{"vulnerability":"VCID-44cg-dunb-y7ce"},{"vulnerability":"VCID-4r9t-8b5b-8yh3"},{"vulnerability":"VCID-6hjr-wyvk-dyhu"},{"vulnerability":"VCID-7pb6-ag7y-uyc8"},{"vulnerability":"VCID-ag5c-89aq-juaz"},{"vulnerability":"VCID-ar4w-kw2u-xken"},{"vulnerability":"VCID-bhsq-rgy4-rfe1"},{"vulnerability":"VCID-bkpp-h2k1-jqgc"},{"vulnerability":"VCID-c4x8-nzy9-rybh"},{"vulnerability":"VCID-cr7s-r2rz-8ybh"},{"vulnerability":"VCID-cwwd-gk4r-ayfa"},{"vulnerability":"VCID-d5s9-ntsm-b7e3"},{"vulnerability":"VCID-pnqh-jpnp-cqfk"},{"vulnerability":"VCID-qccc-t5b3-7uhx"},{"vulnerability":"VCID-qgw2-a91r-qkgq"},{"vulnerability":"VCID-r8md-h5ed-hbg1"},{"vulnerability":"VCID-radq-a121-wfdc"},{"vulnerability":"VCID-tdyr-bz4z-h3by"},{"vulnerability":"VCID-tuub-vc8w-1qbu"},{"vulnerability":"VCID-v9j6-3ua6-xyee"},{"vu
lnerability":"VCID-vpfn-xgz4-p3em"},{"vulnerability":"VCID-xpqs-g8du-t7h1"},{"vulnerability":"VCID-zwtc-9g9p-3yf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.0"}],"aliases":["CVE-2017-6068","GHSA-q4h5-g3w8-f9x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1488-cs1g-9bh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44088?format=json","vulnerability_id":"VCID-1xpw-sdr9-1fat","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\npanel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16629","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55506","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5548","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55499","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16629"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385","reference_id":"","reference_type":"","scores":[{
"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385"},{"reference_url":"https://github.com/intelliants/subrion/issues/777","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/777"},{"reference_url":"https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16629","reference_id":"CVE-2018-16629","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16629"},{"reference_url":"https://github.com/advisories/GHSA-mxv3-qcmf-r6wj","reference_id":"GHSA-mxv3-qcmf-r6wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxv3-qcmf-r6wj"}],"fixed_packages":[],"aliases":["CVE-2018-16629","GHSA-mxv3-qcmf-r6wj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xpw-sdr9-1fat"},{"url":"http://public2.vulnerablecode.io/api/vulnera
bilities/52388?format=json","vulnerability_id":"VCID-2xwt-jreg-c3de","summary":"Cross-Site Request Forgery (CSRF)\nSubrion CMS (and possibly earlier versions) allow CSRF to change the administrator password via the `panel/members/edit/1` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21037","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.3892","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39013","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39008","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38969","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38957","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38984","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21037"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/blob/c8aaeb04f44554e454be9763527a7be7fbe7bfd5/changelog.txt#L899","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/blob/c8aaeb04f44554e454be9763527a7be7fbe7bfd5/changelog.txt#L899"},{"reference_url":"https://github.com/intelliants/subrion/issues/638","reference_id":
"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/638"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21037","reference_id":"CVE-2018-21037","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21037"},{"reference_url":"https://github.com/advisories/GHSA-g8j7-w673-4mjp","reference_id":"GHSA-g8j7-w673-4mjp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8j7-w673-4mjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54397?format=json","purl":"pkg:composer/intelliants/subrion@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xpw-sdr9-1fat"},{"vulnerability":"VCID-44cg-dunb-y7ce"},{"vulnerability":"VCID-4r9t-8b5b-8yh3"},{"vulnerability":"VCID-6hjr-wyvk-dyhu"},{"vulnerability":"VCID-7pb6-ag7y-uyc8"},{"vulnerability":"VCID-ag5c-89aq-juaz"},{"vulnerability":"VCID-ar4w-kw2u-xken"},{"vulnerability":"VCID-bhsq-rgy4-rfe1"},{"vulnerability":"VCID-bkpp-h2k1-jqgc"},{"vulnerability":"VCID-c4x8-nzy9-rybh"},{"vulnerability":"VCID-cwwd-gk4r-ayfa"},{"vulnerability":"VCID-d5s9-ntsm-b7e3"},{"vulnerability":"VCID-pnqh-jpnp-cqfk"},{"vulnerability":"VCID-qgw2-a91r-qkgq"},{"vulnerability":"VCID-r8md-h5ed-hbg1"},{"vulnerability":"VCID-radq-a121-wfdc"},{"vulnerability":"VCID-tdyr-bz4z-h3by"},{"vulnerability":"VCID-v9j6-3ua6-xyee"},{"vulnerability":"VCID-vpfn-xgz4-p3em"},{"vulnerability":"VCID-xpqs-g8du-t7h1"},{"vulnerability":"VCID-zwtc-9g9p-3yf8"}],"resource_url":"http://public2.vulnerablecode.io/pack
ages/pkg:composer/intelliants/subrion@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56251?format=json","purl":"pkg:composer/intelliants/subrion@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xpw-sdr9-1fat"},{"vulnerability":"VCID-1yz9-ft75-x3hc"},{"vulnerability":"VCID-44cg-dunb-y7ce"},{"vulnerability":"VCID-4r9t-8b5b-8yh3"},{"vulnerability":"VCID-6hjr-wyvk-dyhu"},{"vulnerability":"VCID-7pb6-ag7y-uyc8"},{"vulnerability":"VCID-ag5c-89aq-juaz"},{"vulnerability":"VCID-ar4w-kw2u-xken"},{"vulnerability":"VCID-bhsq-rgy4-rfe1"},{"vulnerability":"VCID-bkpp-h2k1-jqgc"},{"vulnerability":"VCID-c4x8-nzy9-rybh"},{"vulnerability":"VCID-cwwd-gk4r-ayfa"},{"vulnerability":"VCID-d5s9-ntsm-b7e3"},{"vulnerability":"VCID-d5xa-vycj-1qgq"},{"vulnerability":"VCID-fyr4-7rf7-dyb3"},{"vulnerability":"VCID-hmv6-1jsn-kfgb"},{"vulnerability":"VCID-m1vz-jhv8-m7ex"},{"vulnerability":"VCID-njj6-w9z4-nyev"},{"vulnerability":"VCID-nwfr-7qg1-wkg9"},{"vulnerability":"VCID-pnqh-jpnp-cqfk"},{"vulnerability":"VCID-q4a7-521f-tqcc"},{"vulnerability":"VCID-q5uw-guhs-abdj"},{"vulnerability":"VCID-qgw2-a91r-qkgq"},{"vulnerability":"VCID-r8md-h5ed-hbg1"},{"vulnerability":"VCID-radq-a121-wfdc"},{"vulnerability":"VCID-sn48-ddz4-7uhk"},{"vulnerability":"VCID-tdyr-bz4z-h3by"},{"vulnerability":"VCID-v9j6-3ua6-xyee"},{"vulnerability":"VCID-vpfn-xgz4-p3em"},{"vulnerability":"VCID-wyj4-7cw5-7ucs"},{"vulnerability":"VCID-x3tu-11xw-8qav"},{"vulnerability":"VCID-xpqs-g8du-t7h1"},{"vulnerability":"VCID-xvf4-unfj-2bgt"},{"vulnerability":"VCID-zwtc-9g9p-3yf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1"}],"aliases":["CVE-2018-21037","GHSA-g8j7-w673-4mjp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xwt-jreg-c3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49978?format=json","vulnerability_id":"VCID-44cg-dunb-y
7ce","summary":"Subrion CMS vulnerable to cross-site scripting\nMultiple reflected Cross-site Scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70958","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05702","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05695","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05661","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05703","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05716","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70958"},{"reference_url":"https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T14:39:36Z/"}],"url":"https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_u
rl":"https://nvd.nist.gov/vuln/detail/CVE-2025-70958","reference_id":"CVE-2025-70958","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70958"},{"reference_url":"https://github.com/advisories/GHSA-9jjm-mc56-3qxv","reference_id":"GHSA-9jjm-mc56-3qxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jjm-mc56-3qxv"}],"fixed_packages":[],"aliases":["CVE-2025-70958","GHSA-9jjm-mc56-3qxv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44cg-dunb-y7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43954?format=json","vulnerability_id":"VCID-4r9t-8b5b-8yh3","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSubrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple 
areas.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14835","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42771","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42805","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42796","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42856","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42845","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42833","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14835"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/commit/a33a224c6c9e25144d828f92f6141c719215094b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/a33a224c6c9e25144d828f92f6141c719215094b"},{"reference_url":"https://github.com/intelliants/subrion/issues/760","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/s
ubrion/issues/760"},{"reference_url":"https://github.com/intelliants/subrion/pull/763","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/pull/763"},{"reference_url":"https://github.com/intelliants/subrion/pull/763/commits","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/pull/763/commits"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14835","reference_id":"CVE-2018-14835","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14835"},{"reference_url":"https://github.com/advisories/GHSA-c8mg-wp7h-f2pf","reference_id":"GHSA-c8mg-wp7h-f2pf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c8mg-wp7h-f2pf"}],"fixed_packages":[],"aliases":["CVE-2018-14835","GHSA-c8mg-wp7h-f2pf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r9t-8b5b-8yh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43048?format=json","vulnerability_id":"VCID-6hjr-wyvk-dyhu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA cross-site scripting (XSS) vulnerability exists in the \"contact us\" plugin for Subrion CMS <= 4.2.1 version via \"List of 
subjects\".","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41948","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40892","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40938","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40943","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40912","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40881","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41948"},{"reference_url":"https://github.com/intelliants/subrion-plugin-contact_us","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion-plugin-contact_us"},{"reference_url":"https://github.com/intelliants/subrion-plugin-contact_us/issues/8","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion-plugin-contact_us/issues/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41948","reference_id":"CVE-2021-41948","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/
vuln/detail/CVE-2021-41948"},{"reference_url":"https://github.com/advisories/GHSA-jv64-2m3x-6v4q","reference_id":"GHSA-jv64-2m3x-6v4q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jv64-2m3x-6v4q"}],"fixed_packages":[],"aliases":["CVE-2021-41948","GHSA-jv64-2m3x-6v4q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hjr-wyvk-dyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41414?format=json","vulnerability_id":"VCID-7pb6-ag7y-uyc8","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22392","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40152","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40109","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4019","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40194","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40166","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40137","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22392"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","s
coring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/868","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/868"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22392","reference_id":"CVE-2020-22392","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22392"},{"reference_url":"https://github.com/advisories/GHSA-hxj6-v58r-cqv3","reference_id":"GHSA-hxj6-v58r-cqv3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxj6-v58r-cqv3"}],"fixed_packages":[],"aliases":["CVE-2020-22392","GHSA-hxj6-v58r-cqv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pb6-ag7y-uyc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110214?format=json","vulnerability_id":"VCID-ag5c-89aq-juaz","summary":"Subrion CMS is vulnerable to Cross-Site Scripting (XSS)\nA cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS in version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text 
field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43121","reference_id":"","reference_type":"","scores":[{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71843","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71827","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71849","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71803","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71812","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71947","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43121"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/895","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T15:32:36Z/"}],"url":"https://github.com/intelliants/subrion/issues/895"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43121","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":
""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43121"},{"reference_url":"https://github.com/advisories/GHSA-jrvr-gmqv-hgrh","reference_id":"GHSA-jrvr-gmqv-hgrh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jrvr-gmqv-hgrh"}],"fixed_packages":[],"aliases":["CVE-2022-43121","GHSA-jrvr-gmqv-hgrh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ag5c-89aq-juaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42588?format=json","vulnerability_id":"VCID-ar4w-kw2u-xken","summary":"Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18326","reference_id":"","reference_type":"","scores":[{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82319","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82282","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82312","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82311","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82305","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18326"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system
":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18326","reference_id":"CVE-2020-18326","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hamm0nz/CVE-2020-18326"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18326","reference_id":"CVE-2020-18326","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18326"},{"reference_url":"https://github.com/advisories/GHSA-9cc3-5w85-pxvx","reference_id":"GHSA-9cc3-5w85-pxvx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9cc3-5w85-pxvx"}],"fixed_packages":[],"aliases":["CVE-2020-18326","GHSA-9cc3-5w85-pxvx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ar4w-kw2u-xken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110334?format=json","vulnerability_id":"VCID-bhsq-rgy4-rfe1","summary":"Subrion CMS is vulnerable to Cross-Site Scripting (XSS)\nA cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text 
field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43120","reference_id":"","reference_type":"","scores":[{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70636","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70644","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70593","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70615","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70713","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43120"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/894","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:10:58Z/"}],"url":"https://github.com/intelliants/subrion/issues/894"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43120","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":"
"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43120"},{"reference_url":"https://github.com/advisories/GHSA-3wmg-28v9-8hf6","reference_id":"GHSA-3wmg-28v9-8hf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wmg-28v9-8hf6"}],"fixed_packages":[],"aliases":["CVE-2022-43120","GHSA-3wmg-28v9-8hf6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhsq-rgy4-rfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42585?format=json","vulnerability_id":"VCID-bkpp-h2k1-jqgc","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18325","reference_id":"","reference_type":"","scores":[{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.82702","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.82672","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.82699","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.82697","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.82696","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.82689","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18325"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","sco
ring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18325","reference_id":"CVE-2020-18325","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hamm0nz/CVE-2020-18325"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18325","reference_id":"CVE-2020-18325","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18325"},{"reference_url":"https://github.com/advisories/GHSA-pcwq-7wrw-r8jv","reference_id":"GHSA-pcwq-7wrw-r8jv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcwq-7wrw-r8jv"}],"fixed_packages":[],"aliases":["CVE-2020-18325","GHSA-pcwq-7wrw-r8jv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkpp-h2k1-jqgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42587?format=json","vulnerability_id":"VCID-c4x8-nzy9-rybh","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart 
template.","references":[{"reference_url":"http://intelliants.com","reference_id":"","reference_type":"","scores":[],"url":"http://intelliants.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18324","reference_id":"","reference_type":"","scores":[{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.91412","published_at":"2026-06-09T12:55:00Z"},{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.9139","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.91404","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.91406","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.91402","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.91398","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18324"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"http://subrion.com","reference_id":"","reference_type":"","scores":[],"url":"http://subrion.com"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18324","reference_id":"CVE-2020-18324","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hamm0nz/CVE-2020-18324"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18324","reference_id":"CVE-2020-18324","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scorin
g_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18324"},{"reference_url":"https://github.com/advisories/GHSA-xj7h-g7rh-gjcw","reference_id":"GHSA-xj7h-g7rh-gjcw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj7h-g7rh-gjcw"}],"fixed_packages":[],"aliases":["CVE-2020-18324","GHSA-xj7h-g7rh-gjcw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4x8-nzy9-rybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38993?format=json","vulnerability_id":"VCID-cr7s-r2rz-8ybh","summary":"Cross-Site Request Forgery (CSRF)\nThere are CSRF vulnerabilities in Subrion CMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15063","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32445","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32367","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32345","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32374","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32413","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32373","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15063"},{"reference_url":"https://github.com/intelliants/subrion/commit/5fdf03af1a7d89c3692faa155e17457153020dca","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:
N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/5fdf03af1a7d89c3692faa155e17457153020dca"},{"reference_url":"https://github.com/intelliants/subrion/commit/65fb937a588d730e57da0c2c5ca3bc4b9c2b5628","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/65fb937a588d730e57da0c2c5ca3bc4b9c2b5628"},{"reference_url":"https://github.com/intelliants/subrion/issues/547","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/547"},{"reference_url":"https://github.com/intelliants/subrion/issues/570","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/570"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15063","reference_id":"CVE-2017-15063","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15063"},{"reference_url":"https://github.com/advisories/GHSA-rc94-7v55-wmg6","reference_id":"GHSA-rc94-7v55-wmg6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rc94-7v55-wmg6"}]
,"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54397?format=json","purl":"pkg:composer/intelliants/subrion@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xpw-sdr9-1fat"},{"vulnerability":"VCID-44cg-dunb-y7ce"},{"vulnerability":"VCID-4r9t-8b5b-8yh3"},{"vulnerability":"VCID-6hjr-wyvk-dyhu"},{"vulnerability":"VCID-7pb6-ag7y-uyc8"},{"vulnerability":"VCID-ag5c-89aq-juaz"},{"vulnerability":"VCID-ar4w-kw2u-xken"},{"vulnerability":"VCID-bhsq-rgy4-rfe1"},{"vulnerability":"VCID-bkpp-h2k1-jqgc"},{"vulnerability":"VCID-c4x8-nzy9-rybh"},{"vulnerability":"VCID-cwwd-gk4r-ayfa"},{"vulnerability":"VCID-d5s9-ntsm-b7e3"},{"vulnerability":"VCID-pnqh-jpnp-cqfk"},{"vulnerability":"VCID-qgw2-a91r-qkgq"},{"vulnerability":"VCID-r8md-h5ed-hbg1"},{"vulnerability":"VCID-radq-a121-wfdc"},{"vulnerability":"VCID-tdyr-bz4z-h3by"},{"vulnerability":"VCID-v9j6-3ua6-xyee"},{"vulnerability":"VCID-vpfn-xgz4-p3em"},{"vulnerability":"VCID-xpqs-g8du-t7h1"},{"vulnerability":"VCID-zwtc-9g9p-3yf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0"}],"aliases":["CVE-2017-15063","GHSA-rc94-7v55-wmg6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr7s-r2rz-8ybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111418?format=json","vulnerability_id":"VCID-cwwd-gk4r-ayfa","summary":"Subrion CMS CSRF Vulnerability\nSubrion CMS 4.2.1 has CSRF in `panel/modules/plugins/`. 
The attacker can remotely activate/deactivate the plugins.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7357","reference_id":"","reference_type":"","scores":[{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82188","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82147","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82176","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82177","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82179","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82173","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7357"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/ngpentest007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ngpentest007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7357","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_eleme
nts":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7357"},{"reference_url":"https://github.com/advisories/GHSA-5mh2-82g9-72jv","reference_id":"GHSA-5mh2-82g9-72jv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mh2-82g9-72jv"}],"fixed_packages":[],"aliases":["CVE-2019-7357","GHSA-5mh2-82g9-72jv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwwd-gk4r-ayfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52557?format=json","vulnerability_id":"VCID-d5s9-ntsm-b7e3","summary":"Deserialization of Untrusted Data\n`admin/blocks.php` in Subrion CMS through allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to `blocks/edit`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12469","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45406","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45393","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45353","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45422","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45426","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12469"},{"reference_url":"https://belong2yourself.github.io/vulnerabilities/docs/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection/readme","reference_id":"","reference_type":"","scores":[{"value":
"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://belong2yourself.github.io/vulnerabilities/docs/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection/readme"},{"reference_url":"https://github.com/belong2yourself/vulnerabilities/tree/master/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/belong2yourself/vulnerabilities/tree/master/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12469","reference_id":"CVE-2020-12469","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12469"},{"reference_url":"https://github.com/advisories/GHSA-fmqq-hw9m-448q","reference_id":"GHSA-fmqq-hw9m-448q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fmqq-hw9m-448q"}],"fixed_packages":[],"aliases":["CVE-2020-12469","GHSA-fmqq-hw9m-448q"],"risk_s
core":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5s9-ntsm-b7e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110632?format=json","vulnerability_id":"VCID-pnqh-jpnp-cqfk","summary":"Cross site scripting in intelliants/subrion\nAn issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41502","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42805","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42771","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42845","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42856","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42796","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41502"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/885","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:
L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41502","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41502"},{"reference_url":"https://github.com/advisories/GHSA-jvq4-cgfw-jgf4","reference_id":"GHSA-jvq4-cgfw-jgf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvq4-cgfw-jgf4"}],"fixed_packages":[],"aliases":["CVE-2021-41502","GHSA-jvq4-cgfw-jgf4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnqh-jpnp-cqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41145?format=json","vulnerability_id":"VCID-qccc-t5b3-7uhx","summary":"Cross-site Scripting\nSubrion CMS has 
XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11317","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11317"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/blob/610b21d3ff185bd287d55fe016d4266abf04a3bf/includes/classes/ia.admin.sitemap.php#L79-L83","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/blob/610b21d3ff185bd287d55fe016d4266abf04a3bf/includes/classes/ia.admin.sitemap.php#L79-L83"},{"reference_url":"https://github.com/intelliants/subrion/releases/tag/v4.1.4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_
system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/releases/tag/v4.1.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11317","reference_id":"CVE-2018-11317","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11317"},{"reference_url":"https://github.com/advisories/GHSA-2cmg-vxvh-8h7h","reference_id":"GHSA-2cmg-vxvh-8h7h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2cmg-vxvh-8h7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53709?format=json","purl":"pkg:composer/intelliants/subrion@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xpw-sdr9-1fat"},{"vulnerability":"VCID-2xwt-jreg-c3de"},{"vulnerability":"VCID-44cg-dunb-y7ce"},{"vulnerability":"VCID-4r9t-8b5b-8yh3"},{"vulnerability":"VCID-6hjr-wyvk-dyhu"},{"vulnerability":"VCID-7pb6-ag7y-uyc8"},{"vulnerability":"VCID-ag5c-89aq-juaz"},{"vulnerability":"VCID-ar4w-kw2u-xken"},{"vulnerability":"VCID-bhsq-rgy4-rfe1"},{"vulnerability":"VCID-bkpp-h2k1-jqgc"},{"vulnerability":"VCID-c4x8-nzy9-rybh"},{"vulnerability":"VCID-cr7s-r2rz-8ybh"},{"vulnerability":"VCID-cwwd-gk4r-ayfa"},{"vulnerability":"VCID-d5s9-ntsm-b7e3"},{"vulnerability":"VCID-ncdz-29ff-53fr"},{"vulnerability":"VCID-pnqh-jpnp-cqfk"},{"vulnerability":"VCID-qgw2-a91r-qkgq"},{"vulnerability":"VCID-r8md-h5ed-hbg1"},{"vulnerability":"VCID-radq-a121-wfdc"},{"vulnerability":"VCID-tdyr-bz4z-h3by"},{"vulnerability":"VCID-tuub-vc8w-1qbu"},{"vulnerability":"VCID-v9j6-3ua6-xyee"},{"vulnerability":"VCID-vpfn-xgz4-p3em"},{"vulnerability":"VCID-xpqs-g8du-t7h1"},{"vulnerability":"VCID-zwtc-9g9p-3yf8"}],"resource_url":"http://public2.vulnerablecod
e.io/packages/pkg:composer/intelliants/subrion@4.1.4"}],"aliases":["CVE-2018-11317","GHSA-2cmg-vxvh-8h7h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qccc-t5b3-7uhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47130?format=json","vulnerability_id":"VCID-qgw2-a91r-qkgq","summary":"Subrion CMS vulnerable to SQL Injection\nSubrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25400","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66061","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66043","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66071","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25400"},{"reference_url":"https://cwe.mitre.org/data/definitions/89.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwe.mitre.org/data/definitions/89.html"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/910","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_s
ystem":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-15T18:04:06Z/"}],"url":"https://github.com/intelliants/subrion/issues/910"},{"reference_url":"https://subrion.org","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://subrion.org"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25400","reference_id":"CVE-2024-25400","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25400"},{"reference_url":"https://github.com/advisories/GHSA-xxf8-fpmr-fw7v","reference_id":"GHSA-xxf8-fpmr-fw7v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxf8-fpmr-fw7v"}],"fixed_packages":[],"aliases":["CVE-2024-25400","GHSA-xxf8-fpmr-fw7v"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgw2-a91r-qkgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54315?format=json","vulnerability_id":"VCID-r8md-h5ed-hbg1","summary":"Cross-site Scripting\nCross Site Scripting (XSS) vulnerability in subrion CMS allows remote attackers to execute arbitrary web script via the \"payment gateway\" column on transactions 
tab.","references":[{"reference_url":"http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23761","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61156","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61111","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.6116","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61168","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61155","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61137","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23761"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://subrion.org","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://subrion.org"},{"reference_url":"htt
ps://nvd.nist.gov/vuln/detail/CVE-2020-23761","reference_id":"CVE-2020-23761","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23761"},{"reference_url":"https://github.com/advisories/GHSA-xhc3-5pgf-p576","reference_id":"GHSA-xhc3-5pgf-p576","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhc3-5pgf-p576"}],"fixed_packages":[],"aliases":["CVE-2020-23761","GHSA-xhc3-5pgf-p576"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8md-h5ed-hbg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46249?format=json","vulnerability_id":"VCID-radq-a121-wfdc","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and 
adminemail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43875","reference_id":"","reference_type":"","scores":[{"value":"0.026","scoring_system":"epss","scoring_elements":"0.85901","published_at":"2026-06-08T12:55:00Z"},{"value":"0.026","scoring_system":"epss","scoring_elements":"0.85914","published_at":"2026-06-07T12:55:00Z"},{"value":"0.026","scoring_system":"epss","scoring_elements":"0.85918","published_at":"2026-06-06T12:55:00Z"},{"value":"0.026","scoring_system":"epss","scoring_elements":"0.85916","published_at":"2026-06-09T12:55:00Z"},{"value":"0.026","scoring_system":"epss","scoring_elements":"0.85915","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43875"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T19:49:31Z/"}],"url":"https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md"},{"reference_url":"https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"gen
eric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T19:49:31Z/"}],"url":"https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43875","reference_id":"CVE-2023-43875","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43875"},{"reference_url":"https://github.com/advisories/GHSA-646r-8fcc-p82r","reference_id":"GHSA-646r-8fcc-p82r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-646r-8fcc-p82r"}],"fixed_packages":[],"aliases":["CVE-2023-43875","GHSA-646r-8fcc-p82r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-radq-a121-wfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58164?format=json","vulnerability_id":"VCID-tdyr-bz4z-h3by","summary":"Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool\nAn issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query 
tool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-56556","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23168","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23465","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23516","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-56556"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/913","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T20:35:53Z/"}],"url":"https://github.com/intelliants/subrion/issues/913"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-56556","reference_id":"CVE-2025-56556","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scori
ng_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-56556"},{"reference_url":"https://github.com/advisories/GHSA-h8wv-vv58-468h","reference_id":"GHSA-h8wv-vv58-468h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h8wv-vv58-468h"}],"fixed_packages":[],"aliases":["CVE-2025-56556","GHSA-h8wv-vv58-468h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdyr-bz4z-h3by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44068?format=json","vulnerability_id":"VCID-tuub-vc8w-1qbu","summary":"Cross-Site Request Forgery (CSRF)\nSubrion CMS 4.1.5 has CSRF in blog/delete/.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18366","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34031","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34002","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3398","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33929","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34013","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34045","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18366"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/commit/8c08d7b92a4b7b5820a951d5
3c24844715439b73","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/8c08d7b92a4b7b5820a951d53c24844715439b73"},{"reference_url":"https://github.com/intelliants/subrion/issues/477","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18366","reference_id":"CVE-2017-18366","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18366"},{"reference_url":"https://github.com/advisories/GHSA-c939-g732-48r8","reference_id":"GHSA-c939-g732-48r8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c939-g732-48r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54397?format=json","purl":"pkg:composer/intelliants/subrion@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xpw-sdr9-1fat"},{"vulnerability":"VCID-44cg-dunb-y7ce"},{"vulnerability":"VCID-4r9t-8b5b-8yh3"},{"vulnerability":"VCID-6hjr-wyvk-dyhu"},{"vulnerability":"VCID-7pb6-ag7y-uyc8"},{"vulnerability":"VCID-ag5c-89aq-juaz"},{"vulnerability":"VCID-ar4w-kw2u-xken"},{"vulnerability":"VCID-bhsq-rgy4-rfe1"},{"vulnerability":"VCID-bkpp-h2k1-jqgc"},{"vulnerability":"VCID-c4x8-nzy9-rybh"},{"vulnerability":"VCID-cwwd-gk4r-ayfa"},{"vulnerability":"VCID-
d5s9-ntsm-b7e3"},{"vulnerability":"VCID-pnqh-jpnp-cqfk"},{"vulnerability":"VCID-qgw2-a91r-qkgq"},{"vulnerability":"VCID-r8md-h5ed-hbg1"},{"vulnerability":"VCID-radq-a121-wfdc"},{"vulnerability":"VCID-tdyr-bz4z-h3by"},{"vulnerability":"VCID-v9j6-3ua6-xyee"},{"vulnerability":"VCID-vpfn-xgz4-p3em"},{"vulnerability":"VCID-xpqs-g8du-t7h1"},{"vulnerability":"VCID-zwtc-9g9p-3yf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56251?format=json","purl":"pkg:composer/intelliants/subrion@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xpw-sdr9-1fat"},{"vulnerability":"VCID-1yz9-ft75-x3hc"},{"vulnerability":"VCID-44cg-dunb-y7ce"},{"vulnerability":"VCID-4r9t-8b5b-8yh3"},{"vulnerability":"VCID-6hjr-wyvk-dyhu"},{"vulnerability":"VCID-7pb6-ag7y-uyc8"},{"vulnerability":"VCID-ag5c-89aq-juaz"},{"vulnerability":"VCID-ar4w-kw2u-xken"},{"vulnerability":"VCID-bhsq-rgy4-rfe1"},{"vulnerability":"VCID-bkpp-h2k1-jqgc"},{"vulnerability":"VCID-c4x8-nzy9-rybh"},{"vulnerability":"VCID-cwwd-gk4r-ayfa"},{"vulnerability":"VCID-d5s9-ntsm-b7e3"},{"vulnerability":"VCID-d5xa-vycj-1qgq"},{"vulnerability":"VCID-fyr4-7rf7-dyb3"},{"vulnerability":"VCID-hmv6-1jsn-kfgb"},{"vulnerability":"VCID-m1vz-jhv8-m7ex"},{"vulnerability":"VCID-njj6-w9z4-nyev"},{"vulnerability":"VCID-nwfr-7qg1-wkg9"},{"vulnerability":"VCID-pnqh-jpnp-cqfk"},{"vulnerability":"VCID-q4a7-521f-tqcc"},{"vulnerability":"VCID-q5uw-guhs-abdj"},{"vulnerability":"VCID-qgw2-a91r-qkgq"},{"vulnerability":"VCID-r8md-h5ed-hbg1"},{"vulnerability":"VCID-radq-a121-wfdc"},{"vulnerability":"VCID-sn48-ddz4-7uhk"},{"vulnerability":"VCID-tdyr-bz4z-h3by"},{"vulnerability":"VCID-v9j6-3ua6-xyee"},{"vulnerability":"VCID-vpfn-xgz4-p3em"},{"vulnerability":"VCID-wyj4-7cw5-7ucs"},{"vulnerability":"VCID-x3tu-11xw-8qav"},{"vulnerability":"VCID-xpqs-g8du-t7h1"},{"vulnerability":"VCID-xvf4-unfj-2bgt"},{"vulnerability":"VCID-zwtc-9g
9p-3yf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1"}],"aliases":["CVE-2017-18366","GHSA-c939-g732-48r8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuub-vc8w-1qbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43739?format=json","vulnerability_id":"VCID-v9j6-3ua6-xyee","summary":"Unrestricted Upload of File with Dangerous Type\n/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.","references":[{"reference_url":"http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html"},{"reference_url":"http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19422","reference_id":"","reference_type":"","scores":[{"value":"0.83882","scoring_system":"epss","scoring_elements":"0.99314","published_at":"2026-06-09T12:55:00Z"},{"value":"0.83882","scoring_system":"epss","scoring_elements":"0.99313","published_at":"2026-06-08T12:55:00Z"},{"value":"0.84263","scoring_system":"epss","scoring_elements":"0.99329","published_at":"2026-06-04T12:55:0
0Z"},{"value":"0.84263","scoring_system":"epss","scoring_elements":"0.99332","published_at":"2026-06-06T12:55:00Z"},{"value":"0.84263","scoring_system":"epss","scoring_elements":"0.9933","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19422"},{"reference_url":"https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab"},{"reference_url":"https://github.com/intelliants/subrion/issues/801","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/801"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49876.py","reference_id":"CVE-2018-19422","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49876.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19422","reference_id":"CVE-2018-19422","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19422"},{"reference_url":"https://github.com/advisories/GHSA-73xj-v6gc-g5p5","reference_id":"GHSA-73xj-v6gc-g5p5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73xj-v6gc-g5p5"}],"
fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62791?format=json","purl":"pkg:composer/intelliants/subrion@4.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.2"}],"aliases":["CVE-2018-19422","GHSA-73xj-v6gc-g5p5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9j6-3ua6-xyee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109893?format=json","vulnerability_id":"VCID-vpfn-xgz4-p3em","summary":"Subrion CMS 4.2.1 vulnerable to cross-site scripting in admin panel\nCross Site Scripting (XSS) in the Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via the Login Field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37059","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49277","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4924","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49301","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49312","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49294","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49265","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37059"},{"reference_url":"https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_
textual","scoring_elements":""}],"url":"https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37059","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37059"},{"reference_url":"https://github.com/advisories/GHSA-rh4r-9689-6xw4","reference_id":"GHSA-rh4r-9689-6xw4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rh4r-9689-6xw4"}],"fixed_packages":[],"aliases":["CVE-2022-37059","GHSA-rh4r-9689-6xw4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpfn-xgz4-p3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47141?format=json","vulnerability_id":"VCID-xpqs-g8du-t7h1","summary":"Subrion CMS vulnerable to Cross Site Scripting\nSubrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via 
adminer.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25399","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47997","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4798","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47968","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48011","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48015","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25399"},{"reference_url":"https://cwe.mitre.org/data/definitions/79","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T18:21:09Z/"}],"url":"https://cwe.mitre.org/data/definitions/79"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25399","reference_id":"CVE-2024-25399","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25399"},{"reference_url":"https://github.com/advisorie
s/GHSA-q4qh-8pxw-r48q","reference_id":"GHSA-q4qh-8pxw-r48q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4qh-8pxw-r48q"}],"fixed_packages":[],"aliases":["CVE-2024-25399","GHSA-q4qh-8pxw-r48q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xpqs-g8du-t7h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42846?format=json","vulnerability_id":"VCID-zwtc-9g9p-3yf8","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43464","reference_id":"","reference_type":"","scores":[{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74085","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74078","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74111","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74116","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74102","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43464"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/i
ntelliants/subrion/issues/888","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43464","reference_id":"CVE-2021-43464","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43464"},{"reference_url":"https://github.com/advisories/GHSA-g54x-29xv-58h5","reference_id":"GHSA-g54x-29xv-58h5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g54x-29xv-58h5"}],"fixed_packages":[],"aliases":["CVE-2021-43464","GHSA-g54x-29xv-58h5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwtc-9g9p-3yf8"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.2"}