CVE-2018-16629

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1

Description The issue allows for cross-site scripting (XSS) attacks via an SVG file containing JavaScript in a SCRIPT element, specifically affecting the "panel/uploads/#elf l1 XA" endpoint.

Recommendations For Subrion CMS version 4.2.1, consider disabling the "panel/uploads/#elf l1 XA" endpoint until a patch is available to prevent XSS attacks. Restrict access to uploading SVG files to minimize the risk of exploitation. Avoid using the panel/uploads/#elf l1 XA endpoint for uploading files that may contain JavaScript code in a SCRIPT element until the issue is resolved.