CVE-2021-41502

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/intelliants/subrion

Identifiers

GHSA-jvq4-cgfw-jgf4, CVE-2021-41502

Package Slug

packagist/intelliants/subrion

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

Affected Versions

All versions up to 4.2.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-06-17

source