Lucene search

GitHub Advisory DatabaseGHSA-646R-8FCC-P82R

HistoryOct 20, 2023 - 12:30 a.m.

Subrion CMS vulnerable to Cross-site Scripting

2023-10-2000:30:24

CWE-79

GitHub Advisory Database

github.com

subrion cms

cross-site scripting

vulnerabilities

installation

local attacker

arbitrary web scripts

crafted payload

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.

Affected configurations

Vulners

Node

intelliantssubrionRange≤4.2.1

VendorProductVersionCPE
intelliantssubrion*cpe:2.3:a:intelliants:subrion:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intelliants	subrion	*	cpe:2.3:a:intelliants:subrion::::::::

References

github.com/advisories/GHSA-646r-8fcc-p82r

github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md

github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md

nvd.nist.gov/vuln/detail/CVE-2023-43875

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

Related for GHSA-646R-8FCC-P82R