An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS02NDZyLThmY2MtcDgycs4AA2kw

Moderate EPSS: 0.026% (0.84733 Percentile) EPSS:

Subrion CMS vulnerable to Cross-site Scripting

Affected Packages Affected Versions Fixed Versions
packagist:intelliants/subrion <= 4.2.1 No known fixed version
0 Dependent packages
4 Dependent repositories
129 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.

References: