{"url":"http://public2.vulnerablecode.io/api/packages/55240?format=json","purl":"pkg:composer/intelliants/subrion@4.2.1","type":"composer","namespace":"intelliants","name":"subrion","version":"4.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.2.2","latest_non_vulnerable_version":"4.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16418?format=json","vulnerability_id":"VCID-3bwe-5b6b-a7e2","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSubrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14835","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42778","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14835"},{"reference_url":"https://github.com/intelliants/subrion/issues/760","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/760"},{"reference_url":"https://github.com/intelliants/subrion/pull/763/commits","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/pull/763/commits"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14835","reference_id":"CVE-2018-14835","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14835"},{"reference_url":"https://github.com/advisories/GHSA-c8mg-wp7h-f2pf","reference_id":"GHSA-c8mg-wp7h-f2pf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c8mg-wp7h-f2pf"}],"fixed_packages":[],"aliases":["CVE-2018-14835","GHSA-c8mg-wp7h-f2pf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3bwe-5b6b-a7e2
"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18510?format=json","vulnerability_id":"VCID-3h1n-dvmt-5qhz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43830","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50662","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43830"},{"reference_url":"https://github.com/al3zx/xss_financial_subrion_4.2.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/al3zx/xss_financial_subrion_4.2.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43830","reference_id":"CVE-2023-43830","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43830"},{"reference_url":"https://github.com/advisories/GHSA-q832-2275-rfqh","reference_id":"GHSA-q832-2275-rfqh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q832-2275-rfqh"}],"fixed_packages":[],"aliases":["CVE-2023-43830","GHSA-q832-2275-rfqh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3h1n-dvmt-5qhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18666?format=json","vulnerability_id":"VCID-3hbd-spm4-2kaz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the 
dbhost, dbname, dbuser, adminusername and adminemail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43875","reference_id":"","reference_type":"","scores":[{"value":"0.026","scoring_system":"epss","scoring_elements":"0.85872","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43875"},{"reference_url":"https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md"},{"reference_url":"https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43875","reference_id":"CVE-2023-43875","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43875"},{"reference_url":"https://github.com/advisories/GHSA-646r-8fcc-p82r","reference_id":"GHSA-646r-8fcc-p82r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-646r-8fcc-p82r"}],"fixed_packages":[],"aliases":["CVE-2023-43875","GHSA-646r-8fcc-p82r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hbd-spm4-2kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148410?format=json","vulnerability_id":"VCID-44kx-4nnh-4bdf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7357","reference_id":"","reference_type":"","scores":[{"value":"0.01618","scoring_system":"epss","scoring_elements":"0.82122","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7357"},{"reference_url":"https://github.com/ngpent
est007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ngpentest007/CVE-2019-7357/blob/main/Subrion_4.2.1%20-%20CVE-2019-7357.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7357","reference_id":"CVE-2019-7357","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7357"},{"reference_url":"https://github.com/advisories/GHSA-5mh2-82g9-72jv","reference_id":"GHSA-5mh2-82g9-72jv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mh2-82g9-72jv"}],"fixed_packages":[],"aliases":["CVE-2019-7357","GHSA-5mh2-82g9-72jv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44kx-4nnh-4bdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13899?format=json","vulnerability_id":"VCID-51fa-htgd-pkd7","summary":"Cross-site Scripting\nCross-Site Scripting (XSS) vulnerability in Subrion via the title when adding a 
page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22330","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42096","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22330"},{"reference_url":"https://github.com/intelliants/subrion/commit/06950c2f9c4aa69e323cbdd141beabb6a9273ca4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/commit/06950c2f9c4aa69e323cbdd141beabb6a9273ca4"},{"reference_url":"https://github.com/intelliants/subrion/commit/0e9180d2330a00b1ce8e7ec2e92e0a4e0612f1a9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/commit/0e9180d2330a00b1ce8e7ec2e92e0a4e0612f1a9"},{"reference_url":"https://github.com/intelliants/subrion/issues/850","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/850"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22330","reference_id":"CVE-2020-22330","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22330"},{"reference_url":"https://github.com/advisories/GHSA-jj94-j4r3-5gr4","reference_id":"GHSA-jj94-j4r3-5gr4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jj94-j4r3-5gr4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61667?format=json","purl":"pkg:composer/intelliants/subrion@4.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.2"}],"aliases":["CVE-2020-22330","GHSA-jj94-j4r3-5gr4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51fa-htgd-pkd7"},{"url":"http://public2.vulnerablecode.io/api/
vulnerabilities/12966?format=json","vulnerability_id":"VCID-7yej-24pb-d3dm","summary":"Cross-site Scripting\n`_core/admin/pages/add/` in Subrion CMS has XSS via the `titles[en]` parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15563","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47421","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15563"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15563","reference_id":"CVE-2018-15563","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15563"}],"fixed_packages":[],"aliases":["CVE-2018-15563"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7yej-24pb-d3dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12857?format=json","vulnerability_id":"VCID-8g7b-wfgz-77f1","summary":"Cross-site Scripting\n`uploads/.htaccess` in Subrion CMS allows XSS because it does not block `.html` file 
uploads.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14840","reference_id":"","reference_type":"","scores":[{"value":"0.03066","scoring_system":"epss","scoring_elements":"0.86966","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14840"},{"reference_url":"https://www.exploit-db.com/exploits/45150/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/45150/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14840","reference_id":"CVE-2018-14840","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14840"}],"fixed_packages":[],"aliases":["CVE-2018-14840"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g7b-wfgz-77f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13834?format=json","vulnerability_id":"VCID-8gvw-wym4-qufa","summary":"SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO 
connection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18155","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49643","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18155"},{"reference_url":"https://github.com/intelliants/subrion/issues/817","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/817"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18155","reference_id":"CVE-2020-18155","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18155"},{"reference_url":"https://github.com/advisories/GHSA-7q44-gfvq-6g93","reference_id":"GHSA-7q44-gfvq-6g93","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7q44-gfvq-6g93"}],"fixed_packages":[],"aliases":["CVE-2020-18155","GHSA-7q44-gfvq-6g93"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gvw-wym4-qufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14028?format=json","vulnerability_id":"VCID-94z6-as1s-pkem","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image 
file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22392","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40114","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22392"},{"reference_url":"https://github.com/intelliants/subrion/issues/868","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/868"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22392","reference_id":"CVE-2020-22392","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22392"},{"reference_url":"https://github.com/advisories/GHSA-hxj6-v58r-cqv3","reference_id":"GHSA-hxj6-v58r-cqv3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hxj6-v58r-cqv3"}],"fixed_packages":[],"aliases":["CVE-2020-22392","GHSA-hxj6-v58r-cqv3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94z6-as1s-pkem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206270?format=json","vulnerability_id":"VCID-9fac-c1gc-jbft","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43121","reference_id":"","reference_type":"","scores":[{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71746","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43121"},{"reference_url":"https://github.com/intelliants/subrion/issues/895","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/895"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43121","reference_id":"CVE-2022-43121","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43121"},{"reference_url":"https://github.com/advisories/GHSA-jrvr-gmqv-hgrh","reference_id":"
GHSA-jrvr-gmqv-hgrh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jrvr-gmqv-hgrh"}],"fixed_packages":[],"aliases":["CVE-2022-43121","GHSA-jrvr-gmqv-hgrh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fac-c1gc-jbft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206269?format=json","vulnerability_id":"VCID-9hkc-qw4n-t7at","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43120","reference_id":"","reference_type":"","scores":[{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70546","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43120"},{"reference_url":"https://github.com/intelliants/subrion/issues/894","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/894"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43120","reference_id":"CVE-2022-43120","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43120"},{"reference_url":"https://github.com/advisories/GHSA-3wmg-28v9-8hf6","reference_id":"GHSA-3wmg-28v9-8hf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wmg-28v9-8hf6"}],"fixed_packages":[],"aliases":["CVE-2022-43120","GHSA-3wmg-28v9-8hf6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hkc-qw4n-t7at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18756?format=json","vulnerability_id":"VCID-abws-hvpw-myfy","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nSubrion 4.2.1 has a remote command execution vulnerability in 
the backend.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46947","reference_id":"","reference_type":"","scores":[{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83383","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46947"},{"reference_url":"https://github.com/intelliants/subrion/issues/909","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/909"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46947","reference_id":"CVE-2023-46947","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46947"},{"reference_url":"https://github.com/advisories/GHSA-2x28-c7j7-23gv","reference_id":"GHSA-2x28-c7j7-23gv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2x28-c7j7-23gv"}],"fixed_packages":[],"aliases":["CVE-2023-46947","GHSA-2x28-c7j7-23gv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abws-hvpw-myfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16522?format=json","vulnerability_id":"VCID-by36-7n26-g7cc","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\npanel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT 
element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16629","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55426","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16629"},{"reference_url":"https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385"},{"reference_url":"https://github.com/intelliants/subrion/issues/777","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/777"},{"reference_url":"https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16629","reference_id":"CVE-2018-16629","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16629"},{"reference_url":"https://github.com/advisories/GHSA-mxv3-qcmf-r6wj","reference_id":"GHSA-mxv3-qcmf-r6wj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mxv3-qcmf-r6wj"}],"fixed_packages":[],"aliases":["CVE-2018-16629","GHSA-mxv3-qcmf-r6wj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-by36-7n26-g7cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12910?format=json","vulnerability_id":"VCID-cjhs-mtaa-7kdb","summary":"Cross-site Scripting\nThere is Stored XSS in Subrion via the admin panel URL 
configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16327","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44499","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16327"},{"reference_url":"https://github.com/intelliants/subrion/issues/771","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/771"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16327","reference_id":"CVE-2018-16327","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16327"}],"fixed_packages":[],"aliases":["CVE-2018-16327"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjhs-mtaa-7kdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15192?format=json","vulnerability_id":"VCID-ekj6-hqpd-5ybq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration 
panel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18325","reference_id":"","reference_type":"","scores":[{"value":"0.01709","scoring_system":"epss","scoring_elements":"0.82644","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18325"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18325","reference_id":"CVE-2020-18325","reference_type":"","scores":[],"url":"https://github.com/hamm0nz/CVE-2020-18325"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18325","reference_id":"CVE-2020-18325","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18325"},{"reference_url":"https://github.com/advisories/GHSA-pcwq-7wrw-r8jv","reference_id":"GHSA-pcwq-7wrw-r8jv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcwq-7wrw-r8jv"}],"fixed_packages":[],"aliases":["CVE-2020-18325","GHSA-pcwq-7wrw-r8jv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekj6-hqpd-5ybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15650?format=json","vulnerability_id":"VCID-fc5n-dcez-93fn","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA cross-site scripting (XSS) vulnerability exists in the \"contact us\" plugin for Subrion CMS <= 4.2.1 version via \"List of 
subjects\".","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41948","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40876","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41948"},{"reference_url":"https://github.com/intelliants/subrion-plugin-contact_us/issues/8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion-plugin-contact_us/issues/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41948","reference_id":"CVE-2021-41948","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41948"},{"reference_url":"https://github.com/advisories/GHSA-jv64-2m3x-6v4q","reference_id":"GHSA-jv64-2m3x-6v4q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jv64-2m3x-6v4q"}],"fixed_packages":[],"aliases":["CVE-2021-41948","GHSA-jv64-2m3x-6v4q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fc5n-dcez-93fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201832?format=json","vulnerability_id":"VCID-gmvv-sz8z-ebgp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37059","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49214","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37059"},{"reference_url":"https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing","reference_id":"","reference_type":"","scores":[],"url":"https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37059","reference_id":"CVE-2022-3705
9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37059"},{"reference_url":"https://github.com/advisories/GHSA-rh4r-9689-6xw4","reference_id":"GHSA-rh4r-9689-6xw4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rh4r-9689-6xw4"}],"fixed_packages":[],"aliases":["CVE-2022-37059","GHSA-rh4r-9689-6xw4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmvv-sz8z-ebgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183538?format=json","vulnerability_id":"VCID-hay9-1wuc-s3b1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41502","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42778","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41502"},{"reference_url":"https://github.com/intelliants/subrion/issues/885","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41502","reference_id":"CVE-2021-41502","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41502"},{"reference_url":"https://github.com/advisories/GHSA-jvq4-cgfw-jgf4","reference_id":"GHSA-jvq4-cgfw-jgf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvq4-cgfw-jgf4"}],"fixed_packages":[],"aliases":["CVE-2021-41502","GHSA-jvq4-cgfw-jgf4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hay9-1wuc-s3b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19545?format=json","vulnerability_id":"VCID-j2eh
-myxv-abbm","summary":"Subrion CMS vulnerable to SQL Injection\nSubrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25400","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65958","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25400"},{"reference_url":"https://cwe.mitre.org/data/definitions/89.html","reference_id":"","reference_type":"","scores":[],"url":"https://cwe.mitre.org/data/definitions/89.html"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://github.com/intelliants/subrion/issues/910","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/910"},{"reference_url":"https://subrion.org","reference_id":"","reference_type":"","scores":[],"url":"https://subrion.org"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25400","reference_id":"CVE-2024-25400","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25400"},{"reference_url":"https://github.com/advisories/GHSA-xxf8-fpmr-fw7v","reference_id":"GHSA-xxf8-fpmr-fw7v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxf8-fpmr-fw7v"}],"fixed_packages":[],"aliases":["CVE-2024-25400","GHSA-xxf8-fpmr-fw7v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2eh-myxv-abbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22388?format=json","vulnerability_id":"VCID-j8ge-mhfk-ebd9","summary":"Subrion CMS vulnerable to cross-site scripting\nMultiple reflected Cross-site Scripting (XSS) vulnerabilities in 
the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary JavaScript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70958","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04203","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70958"},{"reference_url":"https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70958","reference_id":"CVE-2025-70958","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70958"},{"reference_url":"https://github.com/advisories/GHSA-9jjm-mc56-3qxv","reference_id":"GHSA-9jjm-mc56-3qxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jjm-mc56-3qxv"}],"fixed_packages":[],"aliases":["CVE-2025-70958","GHSA-9jjm-mc56-3qxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8ge-mhfk-ebd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18518?format=json","vulnerability_id":"VCID-jqzh-mw8h-23bv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 
'Title' parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43828","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50662","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43828"},{"reference_url":"https://github.com/al3zx/xss_languages_subrion_4.2.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/al3zx/xss_languages_subrion_4.2.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43828","reference_id":"CVE-2023-43828","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43828"}],"fixed_packages":[],"aliases":["CVE-2023-43828"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqzh-mw8h-23bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158342?format=json","vulnerability_id":"VCID-ng2d-pg2s-2fac","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23761","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61069","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23761"},{"reference_url":"https://subrion.org","reference_id":"","reference_type":"","scores":[],"url":"https://subrion.org"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23761","reference_id":"CVE-2020-23761","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23761"},{"reference_url":"http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version","reference_id":"CVE-2020-23761-STORED-XSS-VULNERABILITY-IN-SUBRION-CMS-VERSION","reference_type":"","scores":[],"url":"http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version"},{"referenc
e_url":"https://github.com/advisories/GHSA-xhc3-5pgf-p576","reference_id":"GHSA-xhc3-5pgf-p576","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhc3-5pgf-p576"}],"fixed_packages":[],"aliases":["CVE-2020-23761","GHSA-xhc3-5pgf-p576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ng2d-pg2s-2fac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15451?format=json","vulnerability_id":"VCID-ngpm-xvdu-sybs","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43464","reference_id":"","reference_type":"","scores":[{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74025","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43464"},{"reference_url":"https://github.com/intelliants/subrion/issues/888","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43464","reference_id":"CVE-2021-43464","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43464"},{"reference_url":"https://github.com/advisories/GHSA-g54x-29xv-58h5","reference_id":"GHSA-g54x-29xv-58h5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g54x-29xv-58h5"}],"fixed_packages":[],"aliases":["CVE-2021-43464","GHSA-g54x-29xv-58h5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"h
ttp://public2.vulnerablecode.io/vulnerabilities/VCID-ngpm-xvdu-sybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18532?format=json","vulnerability_id":"VCID-qwxk-wzqe-7kdp","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43884","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39903","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43884"},{"reference_url":"https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43884","reference_id":"CVE-2023-43884","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43884"}],"fixed_packages":[],"aliases":["CVE-2023-43884"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwxk-wzqe-7kdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16241?format=json","vulnerability_id":"VCID-r136-w6fm-t7fc","summary":"Unrestricted Upload of File with Dangerous Type\n/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits 
these.","references":[{"reference_url":"http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html"},{"reference_url":"http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19422","reference_id":"","reference_type":"","scores":[{"value":"0.84263","scoring_system":"epss","scoring_elements":"0.99328","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19422"},{"reference_url":"https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab"},{"reference_url":"https://github.com/intelliants/subrion/issues/801","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion/issues/801"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19422","reference_id":"CVE-2018-19422","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19422"},{"reference_url":"https://github.com/advisories/GHSA-73xj-v6gc-g5p5","reference_id":"GHSA-73xj-v6gc-g5p5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73xj-v6gc-g5p5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61667?format=json","purl":"pkg:composer/intelliants/subrion@4.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/su
brion@4.2.2"}],"aliases":["CVE-2018-19422","GHSA-73xj-v6gc-g5p5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r136-w6fm-t7fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19556?format=json","vulnerability_id":"VCID-s1ez-jft2-tydn","summary":"Subrion CMS vulnerable to Cross Site Scripting\nSubrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25399","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47933","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25399"},{"reference_url":"https://cwe.mitre.org/data/definitions/79","reference_id":"","reference_type":"","scores":[],"url":"https://cwe.mitre.org/data/definitions/79"},{"reference_url":"https://github.com/intelliants/subrion","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/intelliants/subrion"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25399","reference_id":"CVE-2024-25399","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25399"},{"reference_url":"https://github.com/advisories/GHSA-q4qh-8pxw-r48q","reference_id":"GHSA-q4qh-8pxw-r48q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4qh-8pxw-r48q"}],"fixed_packages":[],"aliases":["CVE-2024-25399","GHSA-q4qh-8pxw-r48q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1ez-jft2-tydn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15194?format=json","vulnerability_id":"VCID-sqbf-5a82-yucu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site 
Scripting')\nCross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.","references":[{"reference_url":"http://intelliants.com","reference_id":"","reference_type":"","scores":[],"url":"http://intelliants.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18324","reference_id":"","reference_type":"","scores":[{"value":"0.06672","scoring_system":"epss","scoring_elements":"0.9137","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18324"},{"reference_url":"http://subrion.com","reference_id":"","reference_type":"","scores":[],"url":"http://subrion.com"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18324","reference_id":"CVE-2020-18324","reference_type":"","scores":[],"url":"https://github.com/hamm0nz/CVE-2020-18324"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18324","reference_id":"CVE-2020-18324","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18324"},{"reference_url":"https://github.com/advisories/GHSA-xj7h-g7rh-gjcw","reference_id":"GHSA-xj7h-g7rh-gjcw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj7h-g7rh-gjcw"}],"fixed_packages":[],"aliases":["CVE-2020-18324","GHSA-xj7h-g7rh-gjcw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqbf-5a82-yucu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15195?format=json","vulnerability_id":"VCID-vzeg-42da-euej","summary":"Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to a victim and successfully create an arbitrary administrator 
user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18326","reference_id":"","reference_type":"","scores":[{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82255","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18326"},{"reference_url":"https://github.com/hamm0nz/CVE-2020-18326","reference_id":"CVE-2020-18326","reference_type":"","scores":[],"url":"https://github.com/hamm0nz/CVE-2020-18326"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18326","reference_id":"CVE-2020-18326","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18326"},{"reference_url":"https://github.com/advisories/GHSA-9cc3-5w85-pxvx","reference_id":"GHSA-9cc3-5w85-pxvx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9cc3-5w85-pxvx"}],"fixed_packages":[],"aliases":["CVE-2020-18326","GHSA-9cc3-5w85-pxvx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzeg-42da-euej"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1"}