CVE-2012-4771

Subrion CMS <2.2.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452.

Exploits (1)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/22159

References (7)

Scores

EPSS 0.0723
EPSS Percentile 91.5%

Details

CWE
CWE-79
Status published
Products (5)
intelliants/subrion_cms < 2.2.2
intelliants/subrion_cms
intelliants/subrion_cms
intelliants/subrion_cms
n/a/n/a
Published Oct 22, 2012
Tracked Since Feb 18, 2026