An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03dmZmLXJ2MmYtY2o3Oc4AA2H8

Moderate EPSS: 0.00184% (0.40765 Percentile) EPSS:

Subrion CMS Cross-site Scripting vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:intelliants/subrion <= 4.2.1 No known fixed version
0 Dependent packages
4 Dependent repositories
129 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.

References: