Lucene search

GitHub Advisory DatabaseGHSA-VHQR-3GR2-7PX9

HistoryMay 14, 2022 - 2:00 a.m.

Subrion CMS Cross-site Scripting

2022-05-1402:00:54

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

55.4%

JSON

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).

Affected configurations

Vulners

Node

intelliantssubrionRange<4.2.2

CPENameOperatorVersion
intelliants/subrionlt4.2.2

CPE	Name	Operator	Version
	intelliants/subrion	lt	4.2.2

References

github.com/advisories/GHSA-vhqr-3gr2-7px9

github.com/intelliants/subrion/commit/b12e287d3814c0f2d0b1892f95fc0190972d2ba5

github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47

github.com/intelliants/subrion/issues/773

nvd.nist.gov/vuln/detail/CVE-2018-14840

www.exploit-db.com/exploits/45150/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

55.4%

JSON

Related for GHSA-VHQR-3GR2-7PX9