CVE-2022-43121

Name of the Vulnerable Software and Affected Versions Intelliants Subrion CMS version 4.2.1

Description A cross-site scripting (XSS) issue in the CMS Field Add page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations For Intelliants Subrion CMS version 4.2.1, consider removing or restricting the ability to inject content into the tooltip text field until a patch is available. As a temporary workaround, restrict access to the CMS Field Add page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.