intelliants/subrion CMS is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the Site Title
parameter in panel/configuration/general
, to steal session tokens or perform unwanted action on behalf of the user.
CPE | Name | Operator | Version |
---|---|---|---|
intelliants/subrion | le | 4.2.1 |