PatchSiren cyber security CVE debrief
CVE-2026-12202 Intelliants CVE debrief
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Vendor
- Intelliants
- Product
- Subrion CMS
- CVSS
- LOW 1.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Intelliants Subrion CMS up to 4.0.3 should apply patches or mitigations to prevent cross-site scripting attacks.
Technical summary
CVE-2026-12202 is a cross-site scripting vulnerability in Intelliants Subrion CMS up to 4.0.3. The vulnerability is located in the Blocks Endpoint and can be exploited remotely.
Defensive priority
Low
Recommended defensive actions
- Apply patches or updates to Intelliants Subrion CMS to version 4.0.3 or later.
- Implement input validation and output encoding to prevent cross-site scripting attacks.
- Monitor the Blocks Endpoint for suspicious activity.
Evidence notes
The CVE-2026-12202 vulnerability has a CVSS score of 1.9 and is considered low severity. The vulnerability was published on June 15, 2026, and has not been modified since.
Official resources
public