CVE-2026-12202

LOW

Intelliants Subrion CMS Blocks Endpoint cross site scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-12202. PoCs published by KarinaGante.

AI-analyzed exploit summary: This repository contains a detailed technical writeup for CVE-2026-12202, a stored XSS vulnerability in Subrion CMS's 'Blocks' endpoint via the 'CSS class name' parameter. It includes a step-by-step PoC, payload, and impact analysis.

Description

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. The issue affects unknown functionality of the Blocks Endpoint component. Manipulating the CSS class name argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond.

Exploits (1)

github WRITEUP
by KarinaGante · htmlpoc
https://github.com/KarinaGante/KG-Sec/tree/main/CVEs/SubrionCMS/CVE-2026-12202.md

Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Subrion CMS
Auth required
Prerequisites: admin access to Subrion CMS dashboard
devstral-2 · analyzed Jun 16, 2026

References (5)

Core References
Vdb Entry, Technical Description
VDB-370845 | Intelliants Subrion CMS Blocks Endpoint cross site scripting
https://vuldb.com/vuln/370845
Signature, Permissions Required
VDB-370845 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/370845/cti
Third Party Advisory
CVE-2026-12202 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-12202
Third Party Advisory
Submit #830013 | Intelliants Subrion CMS 4.0.3 Cross Site Scripting
https://vuldb.com/submit/830013

Scores

CVSS v3 2.4
EPSS 0.0021
EPSS Percentile 10.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (4)
Intelliants/Subrion CMS 4.0.0
Intelliants/Subrion CMS 4.0.1
Intelliants/Subrion CMS 4.0.2
Intelliants/Subrion CMS 4.0.3
Published Jun 15, 2026
Tracked Since Jun 15, 2026