PT-2018-12758 · Intelliants · Subrion Cms

Zeel Chavda · Published 2018-08-02 · Updated 2022-05-14 · CVE-2018-14840

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Subrion CMS version 4.2.1

Description
Subrion CMS allows XSS because the uploads/.htaccess file does not block .html file uploads, although it does block other file types such as .htm.

Recommendations
For Subrion CMS version 4.2.1, consider restricting or blocking .html file uploads in the uploads/.htaccess file as a temporary workaround until a patch is available.
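
One way to check a deny-list of this kind for the gap described above, as an added example that is not part of the advisory or of Subrion CMS. Both .htaccess samples and the extension list are constructed assumptions; the check goes beyond .html to other script-capable extensions, and Python's re module stands in for Apache's PCRE matching.

```python
import re

# Constructed sample modelled on the description above (.htm denied, .html not).
# It is NOT the uploads/.htaccess shipped with Subrion CMS.
SAMPLE_HTACCESS = r'''
<FilesMatch "\.(php|phtml|htm|shtml)$">
    Require all denied
</FilesMatch>
'''

# Constructed corrected variant: the pattern also covers .html, .xhtml and .svg.
HARDENED_HTACCESS = r'''
<FilesMatch "\.(php|phtml|s?html?|xhtml|svg)$">
    Require all denied
</FilesMatch>
'''

# Assumed list of extensions a browser may render as script-capable content.
ACTIVE_EXTENSIONS = ["htm", "html", "xhtml", "shtml", "svg"]

BLOCK_RE = re.compile(
    r'<FilesMatch\s+"?(?P<pattern>[^">]+)"?\s*>(?P<body>.*?)</FilesMatch>',
    re.IGNORECASE | re.DOTALL,
)
DENY_RE = re.compile(
    r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$',
    re.IGNORECASE | re.MULTILINE,
)


def denied_patterns(htaccess_text):
    """Compile the regex of every FilesMatch block that contains a deny rule."""
    return [
        re.compile(m.group("pattern"))
        for m in BLOCK_RE.finditer(htaccess_text)
        if DENY_RE.search(m.group("body"))
    ]


def unblocked_extensions(htaccess_text, extensions=ACTIVE_EXTENSIONS):
    """Return the extensions whose files no deny block would match."""
    patterns = denied_patterns(htaccess_text)
    return [
        ext for ext in extensions
        if not any(p.search("upload." + ext) for p in patterns)
    ]


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_HTACCESS), ("hardened", HARDENED_HTACCESS)):
        print(label, "-> not blocked:", unblocked_extensions(text))
```

A pattern anchored with `$` after `htm` matches only the exact extension, which is why .html falls through in the constructed sample.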

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-14840
GHSA-VHQR-3GR2-7PX9

Affected Products

Subrion Cms