CVE-2023-43830

Name of the Vulnerable Software and Affected Versions Subrion version 4.2.1

Description A Cross-site scripting (XSS) issue exists in the /panel/configuration/financial/ endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: Minimum deposit, Maximum deposit, and/or Maximum balance.

Recommendations For Subrion version 4.2.1, as a temporary workaround, consider restricting access to the /panel/configuration/financial/ endpoint and avoid using the Minimum deposit, Maximum deposit, and Maximum balance fields until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.