Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
References:GSA_kwCzR0hTQS02NDZyLThmY2MtcDgycs4AA2kw
Subrion CMS vulnerable to Cross-site Scripting
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
packagist:intelliants/subrion | <= 4.2.1 | No known fixed version | |
Affected Version RangesAll affected versions4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1 |