Headline
GHSA-646r-8fcc-p82r: Subrion CMS vulnerable to Cross-site Scripting
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
Subrion CMS vulnerable to Cross-site Scripting
Moderate severity GitHub Reviewed Published Oct 20, 2023 to the GitHub Advisory Database • Updated Oct 20, 2023
Related news
CVE-2023-43875: CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/README.md at main · sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.