XSS in Intelliants Subrion_cms
CVE-2012-5452
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plan…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.195 (95.5th percentile) — read the EPSS interpretation.
Affected products
- Intelliants Subrion_cms — versions 2.2.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC, Vendor Advisory)
- cve@mitre.org (Exploit, x_refsource_MISC)
- subrioncms-multiple-xss(78467) (vdb-entry, x_refsource_XF)
- 55502 (vdb-entry, x_refsource_BID)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 44917 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (Exploit, x_refsource_MISC)
- subrioncms-multiplescripts-xss(78468) (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_MISC)