PT-2022-11420 · Unknown · Subrion Cms

Aq-Xiaobai · Published 2022-06-11 · Updated 2022-06-17 · CVE-2021-41502

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Subrion CMS version 4.2.1

Description

The issue is a stored cross-site scripting (XSS) vulnerability. It allows malicious JavaScript code to be executed by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute.

Recommendations

For Subrion CMS version 4.2.1, as a temporary workaround, consider restricting the upload of images or validating image names to prevent malicious code execution. Additionally, avoid using the onerror attribute in image tags until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
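
One way to implement the image-name validation recommended above, paired with output encoding at the point where the name is written into an image tag. This is an added example, not Subrion's own code: the function names, the allowlist pattern and the sample names are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of Subrion): allowlist check for uploaded image names.
// Only letters, digits, '-' and '_' in the stem, plus one known image extension.
// Quotes, angle brackets, spaces and '=' can never pass, so a name cannot close a
// tag or introduce an attribute such as onerror.
function is_safe_image_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,99}\.(?:jpe?g|png|gif|webp)\z/i', $name) === 1;
}

// Hypothetical helper: store the file under a server-generated name so that
// user-supplied text never becomes the file name used in markup.
function stored_image_name(string $originalName): string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Encode on output as a second layer: even a name already stored before validation
// was introduced is rendered as inert text inside the attribute values.
function render_image_tag(string $urlPath, string $displayName): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return sprintf(
        '<img src="%s" alt="%s">',
        htmlspecialchars($urlPath, $flags, 'UTF-8'),
        htmlspecialchars($displayName, $flags, 'UTF-8')
    );
}

// Constructed sample names: one ordinary, two carrying markup characters.
$samples = ['holiday-photo.jpg', 'a" onerror="x.png', '"><b>.png'];

foreach ($samples as $name) {
    if (is_safe_image_name($name)) {
        $stored = stored_image_name($name);
        echo "accepted: ", render_image_tag('/uploads/' . $stored, $name), PHP_EOL;
    } else {
        // Rejected at upload time; shown encoded here only to illustrate the output layer.
        echo "rejected: ", htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8'), PHP_EOL;
    }
}
```

Validation at upload stops new malicious names from being stored, while encoding at render time covers names that were stored before the check existed.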

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-41502
GHSA-JVQ4-CGFW-JGF4

Affected Products

Subrion Cms