Cross-Site Scripting Vulnerability in Subrion CMS by Intelliants

CVE-2019-11406

What is CVE-2019-11406?

Subrion CMS version 4.2.1 contains a cross-site scripting (XSS) vulnerability in the core contacts component. The flaw allows attackers to inject malicious scripts via the 'name', 'email', or 'phone' parameters, which may lead to unauthorized actions or information disclosure. Proper sanitization and validation of user inputs are essential to mitigate this vulnerability.

References