Cross-Site Scripting Vulnerability in Subrion CMS by Subrion
CVE-2023-43828

5.4MEDIUM

Key Information:

Vendor: Intelliants
Status: Subrion
Vendor: CVE Published:; 27 September 2023

🔔 Create Intelliants Vulnerability Alert

What is CVE-2023-43828?

A Cross-site scripting (XSS) vulnerability exists in the Subrion CMS version 4.2.1, specifically within the '/panel/languages/' directory. This flaw allows attackers to inject and execute arbitrary web scripts or HTML by crafting a malicious payload targeting the 'Title' parameter. When exploited, this vulnerability can compromise the integrity and security of the web application, potentially leading to unauthorized actions or data exposure.

References

https://github.com/al3zx/xss_languages_subrion_4.2.1

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 25, 2023