PT-2019-15018 · Intelliants · Subrion
Hacker625 · Published 2019-10-06 · Updated 2019-10-08
CVE-2019-17225
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Subrion version 4.2.1
Description
Subrion 4.2.1 is vulnerable to cross-site scripting (XSS) through the panel/members/ endpoint. Script can be injected via the Username, Full Name, or Email fields, which are not sufficiently sanitized or encoded before being rendered; the issue is related to the "Admin Member JSON Update" functionality. Per the CVSS vector, the attacker needs an account on the site (PR:L), a victim has to view the injected content (UI:R), and the impact reaches beyond the vulnerable component into the victim's browser (S:C).
Recommendations
For Subrion version 4.2.1, update to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the panel/members/ endpoint (for example, to trusted administrator IP addresses) to minimize the risk of exploitation, and avoid editing the Username, Full Name, or Email fields through this endpoint until the issue is resolved.
Exploit
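To make the bug class concrete, the following is an added example written for this page; it is not Subrion's code and does not reproduce the actual vulnerable handler. It uses a stand-in for an admin "member update" handler that accepts a JSON body with the three fields named in the advisory (the JSON shape, function names and the sample payload are assumptions) and shows the difference between echoing the stored values into HTML unchanged and encoding them at the point of output, which is what a fix for this class of issue has to do.

```php
<?php
// Added example, not Subrion's code: a minimal stand-in for an admin "member
// update" handler that accepts a JSON body and renders the stored values back
// into an HTML table. The field names (username, fullname, email) follow the
// advisory; the function names and the JSON shape are assumptions.
declare(strict_types=1);

// Constructed payload of the kind an attacker could submit to the update endpoint.
const SAMPLE_UPDATE_JSON = '{"username":"<img src=x onerror=alert(document.domain)>",'
    . '"fullname":"Jane \"Admin\" Doe","email":"jane@example.com"}';

function parse_member_update(string $json): array
{
    $data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    $out = [];
    foreach (['username', 'fullname', 'email'] as $field) {
        $out[$field] = (string) ($data[$field] ?? '');
    }
    return $out;
}

// Vulnerable pattern: stored values are echoed into HTML unchanged, so a value
// like the sample username becomes live markup in every admin's browser.
function render_member_row_unescaped(array $m): string
{
    return "<tr><td>{$m['username']}</td><td>{$m['fullname']}</td><td>{$m['email']}</td></tr>";
}

// Hardened pattern: every value is HTML-encoded at the point of output.
// ENT_QUOTES also encodes single and double quotes, which matters when a value
// lands inside an attribute rather than element text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_member_row_escaped(array $m): string
{
    return '<tr><td>' . h($m['username']) . '</td><td>' . h($m['fullname'])
        . '</td><td>' . h($m['email']) . '</td></tr>';
}

// Optional input-side check for the email field: rejecting values that are not
// syntactically an address removes one injection channel entirely, but it is a
// complement to output encoding, not a replacement for it.
function validate_email(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

$member = parse_member_update(SAMPLE_UPDATE_JSON);
echo "Unescaped (vulnerable):\n" . render_member_row_unescaped($member) . "\n\n";
echo "Escaped (hardened):\n" . render_member_row_escaped($member) . "\n\n";
echo 'Email valid: ' . (validate_email($member['email']) ? 'yes' : 'no') . "\n";
```

Run with `php example.php`. In the unescaped output the sample username is emitted as a working `<img onerror=...>` tag; in the escaped output it is printed as `&lt;img src=x onerror=alert(document.domain)&gt;`, and the quotes in the full name become `&quot;`. The same marker-and-compare approach (submit a harmless marker string in each field, then inspect whether the members page returns it verbatim or encoded) is a quick way to confirm whether an installation is still affected before and after upgrading.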
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Subrion