PT-2026-5704 · Unknown · Subrion Cms
Published 2026-02-02 · Updated 2026-02-11
CVE-2025-70958
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Subrion CMS version 4.2.1
Description
The installation module of Subrion CMS contains reflected cross-site scripting (XSS) flaws. These flaws allow attackers to execute arbitrary JavaScript in the context of a user's browser. Exploitation occurs by injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.
Recommendations
Apply a fix or update to a newer version of Subrion CMS. As a temporary workaround, sanitize the dbuser, dbpwd, and dbname parameters during the installation process to prevent the injection of malicious scripts.
Exploit
Fix
XSS
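One way to apply the temporary workaround recommended above, shown as an added example that is not Subrion's own code. The function names, the form markup and the identifier allowlist pattern are assumptions; only the dbuser, dbpwd and dbname parameter names come from the advisory. It validates the two identifier fields, HTML-encodes anything written back into the page, and never reflects the password.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the page does not show Subrion's installer code.

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Allowlist for database user and schema names (pattern is an assumption). */
function isSafeIdentifier(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9_$-]{1,64}\z/', $value) === 1;
}

/** Re-render the database step of an installer form from submitted data. */
function renderDbFields(array $post): string
{
    $errors = [];
    $values = [];
    foreach (['dbuser', 'dbname'] as $field) {
        // Arrays or missing keys are treated as empty input.
        $raw = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
        if ($raw !== '' && !isSafeIdentifier($raw)) {
            $errors[] = $field . ' contains unsupported characters';
            $raw = ''; // rejected input is dropped, not reflected
        }
        $values[$field] = $raw;
    }

    $html = '';
    foreach ($errors as $message) {
        $html .= '<p class="error">' . h($message) . "</p>\n";
    }
    // Encode on output even after validation: defence in depth.
    $html .= '<input type="text" name="dbuser" value="' . h($values['dbuser']) . "\">\n";
    $html .= '<input type="text" name="dbname" value="' . h($values['dbname']) . "\">\n";
    // dbpwd cannot be allowlisted, so it is never written back into the page.
    $html .= '<input type="password" name="dbpwd" value="" autocomplete="off">' . "\n";
    return $html;
}

// Constructed sample submission containing markup characters.
$sample = ['dbuser' => 'cms_user', 'dbname' => 'a"><b>x', 'dbpwd' => 'p"<w>'];
echo renderDbFields($sample);
```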
Affected Products
Subrion Cms