Cross-Site Scripting Vulnerability in Subrion by dpuenteramirez
CVE-2023-43884

5.4MEDIUM

Key Information:

Vendor

Intelliants

Status
Subrion
Vendor
CVE Published:
28 September 2023

What is CVE-2023-43884?

A Cross-Site Scripting (XSS) vulnerability exists in Subrion v4.2.1 that enables attackers to inject arbitrary web scripts or HTML through a specially crafted payload in the 'Reference ID' field from the Transactions panel. This vulnerability can lead to unauthorized access and manipulation of web content, posing significant security risks for users and administrators.

References

https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.