intelliants/subrion is vulnerable to cross-site scripting. An attacker is able to inject arbitrary Javascript into a victim’s browser via the titles[en]
parameter in _core/admin/pages/add/
to steal session cookies or perform unwanted actions on behalf of the user.
CPE | Name | Operator | Version |
---|---|---|---|
intelliants/subrion | eq | 4.2.1 |