CVE-2022-37059: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

August 29, 2022 (updated September 16, 2022)

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field

References

drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing
github.com/advisories/GHSA-rh4r-9689-6xw4
nvd.nist.gov/vuln/detail/CVE-2022-37059

Detect and mitigate CVE-2022-37059 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →