Headline
CVE-2023-43830: GitHub - al3zx/xss_financial_subrion_4.2.1: XSS in financial page in Subrion 4.2.1
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit’, ‘Maximum deposit’ and/or 'Maximum balance’.
Skip to content
Sign up
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
- Enterprise
- Teams
- Startups
- Education
By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
Resources
- Learning Pathways
- White papers, Ebooks, Webinars
- Customer Stories
- Partners
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
Repositories
* Topics
* Trending
* Collections
- Pricing
Search code, repositories, users, issues, pull requests…
Provide feedback
We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Saved searches****Use saved searches to filter your results more quickly
Sign in
Sign up
al3zx / xss_financial_subrion_4.2.1 Public
- Notifications
- Fork 0
- Star 0
XSS in financial page in Subrion 4.2.1
0 stars 0 forks Activity
Star
Notifications
- Code
- Issues
- Pull requests
- Actions
- Projects
- Security
- Insights
More
main
Switch branches/tags
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code
Clone
Use Git or checkout with SVN using the web URL.
Open with GitHub Desktop
Download ZIP
Latest commit
al3zx Update README.md
a122de0
Sep 19, 2023
Update README.md
a122de0
Git stats
- 3 commits
Files
Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
README.md
Update README.md
September 19, 2023 11:52
XSS in Subrion 4.2.1 (/panel/configuration/financial/) POC Minimum deposit Maximum deposit Maximum balance
README.md
XSS in Subrion 4.2.1 (/panel/configuration/financial/)
Software link: Subrion CMS 4.2.1 [https://subrion.org/download/]
@author: Alejandro Amorín
Description: Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit’, ‘Maximum deposit’ and/or 'Maximum balance’. The vulnerability is triggered when accesing to /profile/funds/ in the main webpage.
POC****Minimum deposit
Enter to Financial section in the webpage and in ‘Minimum deposit’ set the payload:
Go to main page to /profile/funds:
Maximum deposit
Enter to Financial section in the webpage and in ‘Maximum deposit’ set the payload:
Go to main page to /profile/funds:
Maximum balance
Enter to Financial section in the webpage and in ‘Maximum balance’ set the payload:
Go to main page to /profile/funds:
About
XSS in financial page in Subrion 4.2.1
Resources
Readme
Activity
Stars
0 stars
Watchers
1 watching
Forks
0 forks
Report repository
Releases
No releases published
Packages
No packages published
Related news
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.