Headline
GHSA-jv64-2m3x-6v4q: Cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
Cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS
Moderate severity GitHub Reviewed Published Apr 30, 2022 • Updated May 4, 2022
Related news
GHSA-vmp5-c5hp-6c65: Woodpecker allows cross-site scripting (XSS) via build logs
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.
GHSA-pxpf-v376-7xx5: tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the cross-site scripting (XSS) payload.