CVE-2022-43120

Name of the Vulnerable Software and Affected Versions Intelliants Subrion CMS version 4.2.1

Description A cross-site scripting (XSS) issue in the "/panel/fields/add" component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

Recommendations For Intelliants Subrion CMS version 4.2.1, consider disabling access to the "/panel/fields/add" component until a patch is available to prevent exploitation. Restrict the ability to inject crafted payloads into the Field default value text field to minimize risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.