A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.
References:GSA_kwCzR0hTQS03dmZmLXJ2MmYtY2o3Oc4AA2H8
Subrion CMS Cross-site Scripting vulnerability
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
packagist:intelliants/subrion | <= 4.2.1 | No known fixed version | |
Affected Version RangesAll affected versions4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1 |