Vulnerability Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As a result, an attacker can inject and execute arbitrary HTML and script code in a user's browser in the context of a vulnerable website.
SCOPE:
Package: Subrion CMS
Version: 4.2.1
ISSUE: XSS
Vulnerability Classification:
CWE: 79
CVSS3Basescore: 6.1
CVSS: 3.5 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Steps To Reproduce:
In title give the payload
Reference: https://cwe.mitre.org/data/definitions/79.html
Mitigations:
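An added example, not part of the original report and not Subrion's own code: a title value rendered raw beside the same value encoded for each output context. The helper names (`esc_html`, `esc_js`, `render_unsafe`, `render_safe`) and the three output contexts are assumptions, since the report does not show where the title is rendered.

```php
<?php
declare(strict_types=1);

/** Encode for HTML element text and quoted attribute values. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Encode as a JavaScript string literal that is safe inside a <script> block. */
function esc_js(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

/** The pattern CWE-79 describes: stored input concatenated into the page as-is. */
function render_unsafe(string $title): string
{
    return '<h1>' . $title . '</h1>';
}

/** Same value, encoded at output time for the context it lands in. */
function render_safe(string $title): string
{
    return '<h1>' . esc_html($title) . '</h1>' . "\n"
         . '<input name="title" value="' . esc_html($title) . '">' . "\n"
         . '<script>var pageTitle = ' . esc_js($title) . ';</script>';
}

// Constructed sample input containing markup and quote characters.
$title = 'Q3 report "draft" <em>injected</em> & more';

echo render_unsafe($title), "\n\n";   // markup reaches the page unchanged
echo render_safe($title), "\n";       // markup arrives as inert text

// Regression check: the raw tag must not survive in any encoded context.
if (strpos(render_safe($title), '<em>') !== false) {
    throw new RuntimeException('title was not neutralized');
}
```

Encoding belongs at the point of output rather than at input, because the same stored title needs a different encoding in each of the three contexts.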