Cross Site Scripting Vulnerability in Subrion CMS by Intelliants
CVE-2020-35437

6.1MEDIUM

Key Information:

Vendor

Intelliants

Status
Subrion Cms
Vendor
CVE Published:
26 December 2020

What is CVE-2020-35437?

Subrion CMS version 4.2.1 is susceptible to a Cross Site Scripting (XSS) vulnerability, which arises from improper validation of the avatar[path] parameter during a POST request to the /_core/profile/ URI. This flaw allows attackers to inject malicious scripts, potentially compromising user sessions and sensitive data.

References

https://github.com/intelliants/subrion/issues/880
x_refsource_MISC
http://packetstormsecurity.com/files/160783/Subrion-CMS-4...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.