CVE-2021-41502
Published 2022-06-11
Priority P4 · 24 · medium · 5.4 CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.53% (40.5th percentile)
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliants | subrion | 0 – 4.2.1 | — |
| intelliants | subrion_cms | — | — |
CVSS provenance
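| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |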
GHSA
Cross site scripting in intelliants/subrion
ghsa·2022-06-12
CVE-2021-41502 [MEDIUM] CWE-79 Cross site scripting in intelliants/subrion
OSV
Cross site scripting in intelliants/subrion
osv·2022-06-12
CVE-2021-41502 [MEDIUM] Cross site scripting in intelliants/subrion
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.