Cross-Site Scripting Vulnerability in Subrion by Al3zx
CVE-2023-43830

5.4MEDIUM

Key Information:

Vendor: Intelliants
Status: Subrion
Vendor: CVE Published:; 27 September 2023

🔔 Create Intelliants Vulnerability Alert

What is CVE-2023-43830?

A Cross-site Scripting (XSS) vulnerability in Subrion v4.2.1 allows attackers to inject malicious scripts or HTML into various fields under /panel/configuration/financial/. Specifically, inputs such as 'Minimum deposit', 'Maximum deposit', and 'Maximum balance' are susceptible to crafted payloads, potentially leading to unauthorized script execution on user browsers.

References

https://github.com/al3zx/xss_financial_subrion_4.2.1

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 25, 2023