Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Subrion CMS by Intelliants

    CVE-2026-12202 (GCVE-0-2026-12202)

    Vulnerability from nvd – Published: 2026-06-15 00:45 – Updated: 2026-06-16 03:36 X_Open Source
    VLAI
    Title
    Intelliants Subrion CMS Blocks Endpoint cross site scripting
    Summary
    A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Intelliants Subrion CMS Affected: 4.0.0
    Affected: 4.0.1
    Affected: 4.0.2
    Affected: 4.0.3
        cpe:2.3:a:intelliants:subrion_cms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Karina Gante (CVE-Hunters) karinagante (VulDB User) karinagante (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12202",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T12:53:08.717599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T12:53:22.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:intelliants:subrion_cms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Blocks Endpoint"
              ],
              "product": "Subrion CMS",
              "vendor": "Intelliants",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.1"
                },
                {
                  "status": "affected",
                  "version": "4.0.2"
                },
                {
                  "status": "affected",
                  "version": "4.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Karina Gante (CVE-Hunters)"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "karinagante (VulDB User)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "karinagante (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T03:36:25.411Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-370845 | Intelliants Subrion CMS Blocks Endpoint cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/370845"
            },
            {
              "name": "VDB-370845 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/370845/cti"
            },
            {
              "name": "CVE-2026-12202 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12202"
            },
            {
              "name": "Submit #830013 | Intelliants Subrion CMS 4.0.3 Cross Site Scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/830013"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://karinagante.github.io/cve-2026-12202/"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://karinagante.github.io/cve-2026-12202/#proof-of-concept-poc"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-16T05:38:09.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Intelliants Subrion CMS Blocks Endpoint cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12202",
        "datePublished": "2026-06-15T00:45:08.592Z",
        "dateReserved": "2026-06-14T11:47:26.996Z",
        "dateUpdated": "2026-06-16T03:36:25.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12202 (GCVE-0-2026-12202)

    Vulnerability from cvelistv5 – Published: 2026-06-15 00:45 – Updated: 2026-06-16 03:36 X_Open Source
    VLAI
    Title
    Intelliants Subrion CMS Blocks Endpoint cross site scripting
    Summary
    A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Intelliants Subrion CMS Affected: 4.0.0
    Affected: 4.0.1
    Affected: 4.0.2
    Affected: 4.0.3
        cpe:2.3:a:intelliants:subrion_cms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Karina Gante (CVE-Hunters) karinagante (VulDB User) karinagante (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12202",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T12:53:08.717599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T12:53:22.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:intelliants:subrion_cms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Blocks Endpoint"
              ],
              "product": "Subrion CMS",
              "vendor": "Intelliants",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.1"
                },
                {
                  "status": "affected",
                  "version": "4.0.2"
                },
                {
                  "status": "affected",
                  "version": "4.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Karina Gante (CVE-Hunters)"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "karinagante (VulDB User)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "karinagante (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T03:36:25.411Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-370845 | Intelliants Subrion CMS Blocks Endpoint cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/370845"
            },
            {
              "name": "VDB-370845 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/370845/cti"
            },
            {
              "name": "CVE-2026-12202 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12202"
            },
            {
              "name": "Submit #830013 | Intelliants Subrion CMS 4.0.3 Cross Site Scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/830013"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://karinagante.github.io/cve-2026-12202/"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://karinagante.github.io/cve-2026-12202/#proof-of-concept-poc"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-16T05:38:09.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Intelliants Subrion CMS Blocks Endpoint cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12202",
        "datePublished": "2026-06-15T00:45:08.592Z",
        "dateReserved": "2026-06-14T11:47:26.996Z",
        "dateUpdated": "2026-06-16T03:36:25.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }