Cross-Site Scripting Vulnerability in Subrion CMS by Subrion
CVE-2019-20389
6.1MEDIUM
What is CVE-2019-20389?
An XSS vulnerability exists in Subrion CMS 4.2.1 that allows remote attackers to inject arbitrary JavaScript code through the v[language_switch] parameter in multipart/form-data requests. This injected code is reflected back to the user's browser, enabling potential exploitation and unauthorized actions. Proper output encoding is necessary to mitigate this security risk, as the vulnerability can lead to compromised user sessions and manipulation of web content.