PT-2020-10414 · Subrion · Subrion Cms

Published

2020-05-15

Updated

2022-05-24

CVE-2019-20389

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1

Description A remote attacker can inject arbitrary JavaScript code in the v[language switch] parameter within the "/panel/configuration/general" settings page, which is reflected back within a user's browser without proper output encoding. This allows for the execution of malicious scripts.

Recommendations For Subrion CMS version 4.2.1, consider disabling the v[language switch] parameter in the "/panel/configuration/general" settings page until a patch is available. Restrict access to this page to minimize the risk of exploitation. Avoid using the v[language switch] parameter in the affected page until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-20389

GHSA-XVGX-668J-F67P

Affected Products

Subrion Cms

PT-2020-10414 · Subrion · Subrion Cms

CVE-2019-20389

Weakness Enumeration

Related Identifiers

Affected Products

References · 7