
Aq-Xiaobai

#47407 of 53,633
5.4 Total CVSS
Vulnerabilities · 1
PT-2022-11420
5.4
2022-06-11
Unknown · Subrion CMS · CVE-2021-41502

**Name of the Vulnerable Software and Affected Versions**

Subrion CMS version 4.2.1

**Description**

The issue is a stored cross-site scripting (XSS) vulnerability. It allows malicious JavaScript code to be executed by modifying the name of the uploaded image, closing the HTML tag, or adding the `onerror` attribute.

**Recommendations**

For Subrion CMS version 4.2.1, as a temporary workaround, consider restricting the upload of images or validating image names to prevent malicious code execution. Additionally, avoid using the `onerror` attribute in image tags until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.