CVE-2014-9120
Subrion CMS is affected by a cross-site scripting (XSS) vulnerability in the search path. Vulnerable until version 3.2.3 (e.g., 3.2.2) due to insufficient sanitization of PATH_INFO in subrion/search/. Exploitation lets remote attackers inject arbitrary script/HTML. The fix is Subrion CMS 3.2.3 or...