CVE-2020-18325

MEDIUM

Intelliants Subrion CMS 4.2.1 - Stored Cross-Site Scripting in Configuration Panel

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-18325. PoCs published by hamm0nz.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2020-18325, demonstrating multiple reflected XSS vulnerabilities in Subrion CMS v4.2.1. The PoC includes a crafted HTTP POST request that injects arbitrary JavaScript into the configuration panel.

Description

Multiple cross-site scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.

Exploits (1)

nomisec WORKING POC
by hamm0nz · poc
https://github.com/hamm0nz/CVE-2020-18325

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Subrion CMS v4.2.1
Auth required
Prerequisites: Access to the Subrion CMS configuration panel · Valid session cookie
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Product (x_refsource_misc): http://subrion.com
Broken Link (x_refsource_misc): http://intelliants.com
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/hamm0nz/CVE-2020-18325

Scores

CVSS v3: 6.1
EPSS: 0.0171
EPSS Percentile: 82.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (2)
intelliants/subrion 0 Packagist
intelliants/subrion_cms 4.2.1
Published: Mar 04, 2022
Tracked Since: Feb 18, 2026