CVE-2023-43884

Name of the Vulnerable Software and Affected Versions Subrion version 4.2.1

Description A Cross-site scripting (XSS) vulnerability in the Reference ID from the panel Transactions of Subrion allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Reference ID parameter. This issue enables attackers to potentially manipulate the web application's behavior.

Recommendations For Subrion version 4.2.1, as a temporary workaround, consider restricting access to the Reference ID parameter in the Transactions panel until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.