4 matches found
CVE-2018-16629
panel/uploads/elfl1XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...
CVE-2018-16629
panel/uploads/elfl1XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...
CVE-2018-16629
CVE-2018-16629 describes an XSS vulnerability in Subrion CMS v4.2.1, triggered by an SVG file containing JavaScript in a SCRIPT element uploaded to the path panel/uploads/#elf_l1_XA. The core issue is an SVG handling path that allows script execution, enabling potential arbitrary code execution w...
CVE-2018-16629
panel/uploads/elfl1XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...