CVE-2021-41948
Published: 2022-04-29
CVE-2021-41948: A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
Priority: P4 · 23 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.47% (36.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliants | subrion | <= 4.2.1 | — |
| intelliants | subrion | 0 – 4.2.1 | — |
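CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |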
GHSA
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin
ghsa·2022-04-30
CVE-2021-41948 [MEDIUM] CWE-79 Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin
A cross-site scripting (XSS) vulnerability exists in the `contact us` plugin for Subrion CMS <= 4.2.1 version via `List of subjects`. This can be exploited by someone with administrative privileges when they log in to the admin panel.
OSV
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin
osv·2022-04-30
CVE-2021-41948 [MEDIUM] Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin
A cross-site scripting (XSS) vulnerability exists in the `contact us` plugin for Subrion CMS <= 4.2.1 version via `List of subjects`. This can be exploited by someone with administrative privileges when they log in to the admin panel.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-04-29: Published