CVE-2026-12202

2.4 LOW

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CVSS: 2.4 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
CWE: CWE-79, CWE-94

Description

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-12202
[Other]https://hackmd.io/@noka/B1sue5Xkzl
[Other]https://vuldb.com/cve/CVE-2026-12202
[Other]https://vuldb.com/submit/830013
[Other]https://vuldb.com/vuln/370845
[Other]https://vuldb.com/vuln/370845/cti

Related CVEs

Same CWE

CVE-2026-12209 — A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10 (5.3 MEDIUM)
CVE-2026-12208 — A weakness has been identified in jsonata-js jsonata up to 2.2.0 (5.3 MEDIUM)
CVE-2026-12176 — A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 (4.3 MEDIUM)
CVE-2026-5513 — The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '... (7.2 HIGH)
CVE-2026-9629 — The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including... (6.4 MEDIUM)