{"url":"http://public2.vulnerablecode.io/api/packages/386518?format=json","purl":"pkg:composer/intelliants/subrion@4.0.5","type":"composer","namespace":"intelliants","name":"subrion","version":"4.0.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.6","latest_non_vulnerable_version":"4.1.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208368?format=json","vulnerability_id":"VCID-1eu2-z68g-zkfm","summary":"Cross Site Request Forgery in intelliants/subrion","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18326","reference_id":"","reference_type":"","scores":[{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82356","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18326"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18326","reference_id":"CVE-2020-18326","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hamm0nz/CVE-2020-18326"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18326","reference_id":"CVE-2020-18326","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18326"},{"reference_url":"https://github.com/advisories/GHSA-9cc3-5w85-pxvx","reference_id":"GHSA-9cc3-5w85-pxvx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9cc3-5w85-pxvx"}],"fixed_packages":[],"aliases":["CVE-2020-18326","GHSA-9cc3-5w85-pxvx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1eu2-z68g-zkfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208367?format=json","vulnerability_id":"VCID-34xc-x3cs-ykc8","summary":"Cross-site Scripting in intelliants/subrion","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18325","reference_id":"","reference_type":"","scores":[{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.8274","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18325"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18325","reference_id":"CVE-2020-18325","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hamm0nz/CVE-2020-18325"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18325","reference_id":"CVE-2020-18325","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18325"},{"reference_url":"https://github.com/advisories/GHSA-pcwq-7wrw-r8jv","reference_id":"GHSA-pcwq-7wrw-r8jv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcwq-7wrw-r8jv"}],"fixed_packages":[],"aliases":["CVE-2020-18325","GHSA-pcwq-7wrw-r8jv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34xc-x3cs-ykc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208690?format=json","vulnerability_id":"VCID-3agh-2xty-qug8","summary":"Remote code execution in Subrion","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43464","reference_id":"","reference_type":"","scores":[{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.7416","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43464"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/888","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43464","reference_id":"CVE-2021-43464","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43464"},{"reference_url":"https://github.com/advisories/GHSA-g54x-29xv-58h5","reference_id":"GHSA-g54x-29xv-58h5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g54x-29xv-58h5"}],"fixed_packages":[],"aliases":["CVE-2021-43464","GHSA-g54x-29xv-58h5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3agh-2xty-qug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208364?format=json","vulnerability_id":"VCID-4jdf-mty9-4be2","summary":"Cross-site Scripting in Subrion CMS","references":[{"reference_url":"http://intelliants.com","reference_id":"","reference_type":"","scores":[],"url":"http://intelliants.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18324","reference_id":"","reference_type":"","scores":[{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.91433","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18324"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"http://subrion.com","reference_id":"","reference_type":"","scores":[],"url":"http://subrion.com"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18324","reference_id":"CVE-2020-18324","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hamm0nz/CVE-2020-18324"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18324","reference_id":"CVE-2020-18324","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18324"},{"reference_url":"https://github.com/advisories/GHSA-xj7h-g7rh-gjcw","reference_id":"GHSA-xj7h-g7rh-gjcw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj7h-g7rh-gjcw"}],"fixed_packages":[],"aliases":["CVE-2020-18324","GHSA-xj7h-g7rh-gjcw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4jdf-mty9-4be2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209436?format=json","vulnerability_id":"VCID-81kj-x3ya-yuhu","summary":"Subrion CMS RCE Vulnerability","references":[{"reference_url":"http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html"},{"reference_url":"http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19422","reference_id":"","reference_type":"","scores":[{"value":"0.83882","scoring_system":"epss","scoring_elements":"0.99315","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19422"},{"reference_url":"https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab"},{"reference_url":"https://github.com/intelliants/subrion/issues/801","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/801"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49876.py","reference_id":"CVE-2018-19422","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49876.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19422","reference_id":"CVE-2018-19422","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19422"},{"reference_url":"https://github.com/advisories/GHSA-73xj-v6gc-g5p5","reference_id":"GHSA-73xj-v6gc-g5p5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73xj-v6gc-g5p5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21265?format=json","purl":"pkg:composer/intelliants/subrion@4.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.2"}],"aliases":["CVE-2018-19422","GHSA-73xj-v6gc-g5p5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81kj-x3ya-yuhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210220?format=json","vulnerability_id":"VCID-8btx-c5j3-dyb9","summary":"Subrion CMS CSRF Vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7357","reference_id":"","reference_type":"","scores":[{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82224","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7357"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/ngpentest007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ngpentest007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7357","reference_id":"CVE-2019-7357","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7357"},{"reference_url":"https://github.com/advisories/GHSA-5mh2-82g9-72jv","reference_id":"GHSA-5mh2-82g9-72jv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mh2-82g9-72jv"}],"fixed_packages":[],"aliases":["CVE-2019-7357","GHSA-5mh2-82g9-72jv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8btx-c5j3-dyb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211257?format=json","vulnerability_id":"VCID-asep-5maj-8kha","summary":"Subrion CMS 4.2.1 vulnerable to cross-site scripting in admin panel","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37059","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49343","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37059"},{"reference_url":"https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37059","reference_id":"CVE-2022-37059","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37059"},{"reference_url":"https://github.com/advisories/GHSA-rh4r-9689-6xw4","reference_id":"GHSA-rh4r-9689-6xw4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rh4r-9689-6xw4"}],"fixed_packages":[],"aliases":["CVE-2022-37059","GHSA-rh4r-9689-6xw4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-asep-5maj-8kha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209023?format=json","vulnerability_id":"VCID-b3mu-szvj-nud4","summary":"Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41948","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40949","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41948"},{"reference_url":"https://github.com/intelliants/subrion-plugin-contact_us","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion-plugin-contact_us"},{"reference_url":"https://github.com/intelliants/subrion-plugin-contact_us/issues/8","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion-plugin-contact_us/issues/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41948","reference_id":"CVE-2021-41948","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41948"},{"reference_url":"https://github.com/advisories/GHSA-jv64-2m3x-6v4q","reference_id":"GHSA-jv64-2m3x-6v4q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jv64-2m3x-6v4q"}],"fixed_packages":[],"aliases":["CVE-2021-41948","GHSA-jv64-2m3x-6v4q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3mu-szvj-nud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163085?format=json","vulnerability_id":"VCID-cygw-m7q2-suhk","summary":"A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43120","reference_id":"","reference_type":"","scores":[{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70773","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43120"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/894","reference_id":"894","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:10:58Z/"}],"url":"https://github.com/intelliants/subrion/issues/894"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43120","reference_id":"CVE-2022-43120","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43120"},{"reference_url":"https://github.com/advisories/GHSA-3wmg-28v9-8hf6","reference_id":"GHSA-3wmg-28v9-8hf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wmg-28v9-8hf6"}],"fixed_packages":[],"aliases":["CVE-2022-43120","GHSA-3wmg-28v9-8hf6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cygw-m7q2-suhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321624?format=json","vulnerability_id":"VCID-e4ae-w864-qfcq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12469","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45449","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12469"},{"reference_url":"https://belong2yourself.github.io/vulnerabilities/docs/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection/readme","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://belong2yourself.github.io/vulnerabilities/docs/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection/readme"},{"reference_url":"https://github.com/belong2yourself/vulnerabilities/tree/master/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/belong2yourself/vulnerabilities/tree/master/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12469","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12469"}],"fixed_packages":[],"aliases":["CVE-2020-12469","GHSA-fmqq-hw9m-448q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ae-w864-qfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/301901?format=json","vulnerability_id":"VCID-fny2-gkwu-c7hx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16629","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55573","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16629"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385"},{"reference_url":"https://github.com/intelliants/subrion/issues/777","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/777"},{"reference_url":"https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16629","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16629"},{"reference_url":"https://github.com/advisories/GHSA-mxv3-qcmf-r6wj","reference_id":"GHSA-mxv3-qcmf-r6wj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mxv3-qcmf-r6wj"}],"fixed_packages":[],"aliases":["CVE-2018-16629","GHSA-mxv3-qcmf-r6wj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fny2-gkwu-c7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162771?format=json","vulnerability_id":"VCID-gap4-y6xu-tbg8","summary":"A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43121","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.72","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43121"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/895","reference_id":"895","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T15:32:36Z/"}],"url":"https://github.com/intelliants/subrion/issues/895"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43121","reference_id":"CVE-2022-43121","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43121"},{"reference_url":"https://github.com/advisories/GHSA-jrvr-gmqv-hgrh","reference_id":"GHSA-jrvr-gmqv-hgrh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jrvr-gmqv-hgrh"}],"fixed_packages":[],"aliases":["CVE-2022-43121","GHSA-jrvr-gmqv-hgrh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gap4-y6xu-tbg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103408?format=json","vulnerability_id":"VCID-jegp-5xka-wyc7","summary":"An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-56556","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23506","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-56556"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-56556","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-56556"},{"reference_url":"https://github.com/intelliants/subrion/issues/913","reference_id":"913","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T20:35:53Z/"}],"url":"https://github.com/intelliants/subrion/issues/913"},{"reference_url":"https://github.com/advisories/GHSA-h8wv-vv58-468h","reference_id":"GHSA-h8wv-vv58-468h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h8wv-vv58-468h"}],"fixed_packages":[],"aliases":["CVE-2025-56556","GHSA-h8wv-vv58-468h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jegp-5xka-wyc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/291295?format=json","vulnerability_id":"VCID-m42f-yyr5-d7f7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15063","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32408","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15063"},{"reference_url":"https://github.com/intelliants/subrion/commit/5fdf03af1a7d89c3692faa155e17457153020dca","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/5fdf03af1a7d89c3692faa155e17457153020dca"},{"reference_url":"https://github.com/intelliants/subrion/commit/65fb937a588d730e57da0c2c5ca3bc4b9c2b5628","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/65fb937a588d730e57da0c2c5ca3bc4b9c2b5628"},{"reference_url":"https://github.com/intelliants/subrion/issues/547","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/547"},{"reference_url":"https://github.com/intelliants/subrion/issues/570","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/570"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15063","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386739?format=json","purl":"pkg:composer/intelliants/subrion@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0"}],"aliases":["CVE-2017-15063","GHSA-rc94-7v55-wmg6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m42f-yyr5-d7f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/301002?format=json","vulnerability_id":"VCID-mg64-kkpq-tugw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14835","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42869","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14835"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/commit/a33a224c6c9e25144d828f92f6141c719215094b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/a33a224c6c9e25144d828f92f6141c719215094b"},{"reference_url":"https://github.com/intelliants/subrion/issues/760","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/760"},{"reference_url":"https://github.com/intelliants/subrion/pull/763","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/pull/763"},{"reference_url":"https://github.com/intelliants/subrion/pull/763/commits","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/pull/763/commits"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14835","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14835"},{"reference_url":"https://github.com/advisories/GHSA-c8mg-wp7h-f2pf","reference_id":"GHSA-c8mg-wp7h-f2pf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c8mg-wp7h-f2pf"}],"fixed_packages":[],"aliases":["CVE-2018-14835","GHSA-c8mg-wp7h-f2pf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mg64-kkpq-tugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210749?format=json","vulnerability_id":"VCID-n3u6-my1k-cqh9","summary":"Cross site scripting in intelliants/subrion","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41502","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42869","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41502"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/885","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41502","reference_id":"CVE-2021-41502","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41502"},{"reference_url":"https://github.com/advisories/GHSA-jvq4-cgfw-jgf4","reference_id":"GHSA-jvq4-cgfw-jgf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvq4-cgfw-jgf4"}],"fixed_packages":[],"aliases":["CVE-2021-41502","GHSA-jvq4-cgfw-jgf4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3u6-my1k-cqh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295279?format=json","vulnerability_id":"VCID-n4d3-jy9j-tyam","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6068","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43187","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6068"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6068","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6068"},{"reference_url":"https://web.archive.org/web/20210126223835/http://www.securityfocus.com/bid/97091","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210126223835/http://www.securityfocus.com/bid/97091"},{"reference_url":"https://github.com/advisories/GHSA-q4h5-g3w8-f9x7","reference_id":"GHSA-q4h5-g3w8-f9x7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q4h5-g3w8-f9x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386519?format=json","purl":"pkg:composer/intelliants/subrion@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-m42f-yyr5-d7f7"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-pc6t-3jud-d3ca"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-u2nu-6k6d-kbhp"},{"vulnerability":"VCID-vgtx-d9rz-67f9"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.0"}],"aliases":["CVE-2017-6068","GHSA-q4h5-g3w8-f9x7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4d3-jy9j-tyam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/304815?format=json","vulnerability_id":"VCID-pc6t-3jud-d3ca","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21037","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39016","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21037"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/blob/c8aaeb04f44554e454be9763527a7be7fbe7bfd5/changelog.txt#L899","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/blob/c8aaeb04f44554e454be9763527a7be7fbe7bfd5/changelog.txt#L899"},{"reference_url":"https://github.com/intelliants/subrion/issues/638","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/638"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21037","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21037"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386739?format=json","purl":"pkg:composer/intelliants/subrion@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19605?format=json","purl":"pkg:composer/intelliants/subrion@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-3wqk-jqg9-cbfk"},{"vulnerability":"VCID-44dg-nvgm-3qhj"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-4p5c-4j9w-pfaq"},{"vulnerability":"VCID-5hma-awsq-u7e2"},{"vulnerability":"VCID-64zq-1s59-pucm"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-dx7d-9x2k-bbd8"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-hc59-vjcf-e7ay"},{"vulnerability":"VCID-j3g3-1ngs-akcn"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-mbzc-scgw-dfdz"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-mtgw-ycjg-37c9"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-sdrj-pknt-uqg9"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-x3bf-e2mb-x3c9"},{"vulnerability":"VCID-x4pq-f3ea-d7fn"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1"}],"aliases":["CVE-2018-21037","GHSA-g8j7-w673-4mjp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc6t-3jud-d3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117666?format=json","vulnerability_id":"VCID-ruxf-juzd-dbhs","summary":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70958","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05749","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70958"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70958","reference_id":"CVE-2025-70958","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70958"},{"reference_url":"https://github.com/advisories/GHSA-9jjm-mc56-3qxv","reference_id":"GHSA-9jjm-mc56-3qxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jjm-mc56-3qxv"},{"reference_url":"https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt","reference_id":"subrion-cms-exploit.txt","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T14:39:36Z/"}],"url":"https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt"}],"fixed_packages":[],"aliases":["CVE-2025-70958","GHSA-9jjm-mc56-3qxv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruxf-juzd-dbhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/325180?format=json","vulnerability_id":"VCID-tdym-h56a-hudr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22392","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40205","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22392"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/868","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/868"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22392","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22392"},{"reference_url":"https://github.com/advisories/GHSA-hxj6-v58r-cqv3","reference_id":"GHSA-hxj6-v58r-cqv3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxj6-v58r-cqv3"}],"fixed_packages":[],"aliases":["CVE-2020-22392","GHSA-hxj6-v58r-cqv3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdym-h56a-hudr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292821?format=json","vulnerability_id":"VCID-u2nu-6k6d-kbhp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18366","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3404","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18366"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/commit/8c08d7b92a4b7b5820a951d53c24844715439b73","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/8c08d7b92a4b7b5820a951d53c24844715439b73"},{"reference_url":"https://github.com/intelliants/subrion/issues/477","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18366","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18366"},{"reference_url":"https://github.com/advisories/GHSA-c939-g732-48r8","reference_id":"GHSA-c939-g732-48r8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c939-g732-48r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386739?format=json","purl":"pkg:composer/intelliants/subrion@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19605?format=json","purl":"pkg:composer/intelliants/subrion@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-3wqk-jqg9-cbfk"},{"vulnerability":"VCID-44dg-nvgm-3qhj"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-4p5c-4j9w-pfaq"},{"vulnerability":"VCID-5hma-awsq-u7e2"},{"vulnerability":"VCID-64zq-1s59-pucm"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-dx7d-9x2k-bbd8"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-hc59-vjcf-e7ay"},{"vulnerability":"VCID-j3g3-1ngs-akcn"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-mbzc-scgw-dfdz"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-mtgw-ycjg-37c9"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-sdrj-pknt-uqg9"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-x3bf-e2mb-x3c9"},{"vulnerability":"VCID-x4pq-f3ea-d7fn"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1"}],"aliases":["CVE-2017-18366","GHSA-c939-g732-48r8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2nu-6k6d-kbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/299016?format=json","vulnerability_id":"VCID-vgtx-d9rz-67f9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11317","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11317"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/blob/610b21d3ff185bd287d55fe016d4266abf04a3bf/includes/classes/ia.admin.sitemap.php#L79-L83","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/blob/610b21d3ff185bd287d55fe016d4266abf04a3bf/includes/classes/ia.admin.sitemap.php#L79-L83"},{"reference_url":"https://github.com/intelliants/subrion/releases/tag/v4.1.4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/releases/tag/v4.1.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11317","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11317"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384677?format=json","purl":"pkg:composer/intelliants/subrion@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-j28x-ngw4-gqcf"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-m42f-yyr5-d7f7"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-pc6t-3jud-d3ca"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-u2nu-6k6d-kbhp"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.4"}],"aliases":["CVE-2018-11317","GHSA-2cmg-vxvh-8h7h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgtx-d9rz-67f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128782?format=json","vulnerability_id":"VCID-w8t3-m2rh-c3gk","summary":"Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43875","reference_id":"","reference_type":"","scores":[{"value":"0.026","scoring_system":"epss","scoring_elements":"0.85943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43875"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43875","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43875"},{"reference_url":"https://github.com/advisories/GHSA-646r-8fcc-p82r","reference_id":"GHSA-646r-8fcc-p82r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-646r-8fcc-p82r"},{"reference_url":"https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md","reference_id":"README.md","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T19:49:31Z/"}],"url":"https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md"},{"reference_url":"https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md","reference_id":"README.md","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T19:49:31Z/"}],"url":"https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md"}],"fixed_packages":[],"aliases":["CVE-2023-43875","GHSA-646r-8fcc-p82r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8t3-m2rh-c3gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210385?format=json","vulnerability_id":"VCID-wx3s-ekw6-g3gg","summary":"subrion CMS Cross Site Scripting (XSS) vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23761","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61226","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23761"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://subrion.org","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://subrion.org"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23761","reference_id":"CVE-2020-23761","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23761"},{"reference_url":"http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version","reference_id":"CVE-2020-23761-STORED-XSS-VULNERABILITY-IN-SUBRION-CMS-VERSION","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version"},{"reference_url":"https://github.com/advisories/GHSA-xhc3-5pgf-p576","reference_id":"GHSA-xhc3-5pgf-p576","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhc3-5pgf-p576"}],"fixed_packages":[],"aliases":["CVE-2020-23761","GHSA-xhc3-5pgf-p576"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wx3s-ekw6-g3gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295012?format=json","vulnerability_id":"VCID-xnc3-z6mt-rbcc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5543","reference_id":"","reference_type":"","scores":[{"value":"0.01765","scoring_system":"epss","scoring_elements":"0.83035","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5543"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/commit/019dee20a38f39a5827aae2eb92f09b1f6afb7bb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/commit/019dee20a38f39a5827aae2eb92f09b1f6afb7bb"},{"reference_url":"https://github.com/intelliants/subrion/issues/297","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion/issues/297"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5543","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5543"},{"reference_url":"http://www.securityfocus.com/bid/95688","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386519?format=json","purl":"pkg:composer/intelliants/subrion@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eu2-z68g-zkfm"},{"vulnerability":"VCID-34xc-x3cs-ykc8"},{"vulnerability":"VCID-3agh-2xty-qug8"},{"vulnerability":"VCID-4jdf-mty9-4be2"},{"vulnerability":"VCID-81kj-x3ya-yuhu"},{"vulnerability":"VCID-8btx-c5j3-dyb9"},{"vulnerability":"VCID-asep-5maj-8kha"},{"vulnerability":"VCID-b3mu-szvj-nud4"},{"vulnerability":"VCID-cygw-m7q2-suhk"},{"vulnerability":"VCID-e4ae-w864-qfcq"},{"vulnerability":"VCID-fny2-gkwu-c7hx"},{"vulnerability":"VCID-gap4-y6xu-tbg8"},{"vulnerability":"VCID-jegp-5xka-wyc7"},{"vulnerability":"VCID-m42f-yyr5-d7f7"},{"vulnerability":"VCID-mg64-kkpq-tugw"},{"vulnerability":"VCID-n3u6-my1k-cqh9"},{"vulnerability":"VCID-pc6t-3jud-d3ca"},{"vulnerability":"VCID-ruxf-juzd-dbhs"},{"vulnerability":"VCID-tdym-h56a-hudr"},{"vulnerability":"VCID-u2nu-6k6d-kbhp"},{"vulnerability":"VCID-vgtx-d9rz-67f9"},{"vulnerability":"VCID-w8t3-m2rh-c3gk"},{"vulnerability":"VCID-wx3s-ekw6-g3gg"},{"vulnerability":"VCID-y3ba-srhk-73gq"},{"vulnerability":"VCID-yvtb-sdke-93bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.0"}],"aliases":["CVE-2017-5543","GHSA-4j79-4m6q-77vf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xnc3-z6mt-rbcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32401?format=json","vulnerability_id":"VCID-y3ba-srhk-73gq","summary":"Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25399","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25399"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://cwe.mitre.org/data/definitions/79","reference_id":"79","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T18:21:09Z/"}],"url":"https://cwe.mitre.org/data/definitions/79"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25399","reference_id":"CVE-2024-25399","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25399"},{"reference_url":"https://github.com/advisories/GHSA-q4qh-8pxw-r48q","reference_id":"GHSA-q4qh-8pxw-r48q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4qh-8pxw-r48q"}],"fixed_packages":[],"aliases":["CVE-2024-25399","GHSA-q4qh-8pxw-r48q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3ba-srhk-73gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32387?format=json","vulnerability_id":"VCID-yvtb-sdke-93bj","summary":"Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25400","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66109","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25400"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://subrion.org","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://subrion.org"},{"reference_url":"https://github.com/intelliants/subrion/issues/910","reference_id":"910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-15T18:04:06Z/"}],"url":"https://github.com/intelliants/subrion/issues/910"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25400","reference_id":"CVE-2024-25400","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25400"},{"reference_url":"https://github.com/advisories/GHSA-xxf8-fpmr-fw7v","reference_id":"GHSA-xxf8-fpmr-fw7v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxf8-fpmr-fw7v"}],"fixed_packages":[],"aliases":["CVE-2024-25400","GHSA-xxf8-fpmr-fw7v"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvtb-sdke-93bj"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.5"}