Subrion CMS vulnerable to Cross-site Scripting
Moderate severity
GitHub Reviewed
Published
Oct 20, 2023
to the GitHub Advisory Database
•
Updated Nov 9, 2023
Description
Published by the National Vulnerability Database
Oct 19, 2023
Published to the GitHub Advisory Database
Oct 20, 2023
Reviewed
Oct 20, 2023
Last updated
Nov 9, 2023
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
References