CVE-2026-12202
LowCVSS 2.4Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
A vulnerability has been found in Intelliants Subrion CMS up to version 4.0.3. The issue affects some unknown functionality of the Blocks Endpoint component, where manipulation of the CSS class name leads to cross-site scripting.
Risk Assessment
An attacker may remotely exploit this vulnerability, posing a risk of session hijacking or data theft. The public disclosure of the exploit increases the likelihood of attacks.
Recommendation
It is recommended to update the system to the latest version to mitigate this vulnerability. Additionally, monitoring logs and implementing extra protections against XSS attacks is advised.
Original NVD description (English source)
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

