PT-2018-13658 · Subrion · Subrion Cms
Published
2018-12-04
·
Updated
2019-02-26
·
CVE-2018-16631
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Subrion CMS version 4.2.1
Description
The issue allows for XSS via the
panel/configuration/general/ endpoint, specifically through the SITE TITLE parameter.Recommendations
For Subrion CMS version 4.2.1, update the software to a version that includes a fix for this issue, or as a temporary workaround, consider restricting access to the
panel/configuration/general/ endpoint to minimize the risk of exploitation. Avoid using the SITE TITLE parameter in this endpoint until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Subrion Cms