CVE-2023-43830
published 2023-09-27
CVE-2023-43830: A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a…
Priority P422, medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.50% (38.7th percentile)
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliants | subrion | — | — |
| intelliants | subrion | 0 – 4.2.1 | — |
GHSA
Liferay Portal is vulnerable to Stored XSS through Forms text type field
ghsa·2025-10-08
CVE-2025-43830 [MEDIUM] CWE-79 Liferay Portal is vulnerable to Stored XSS through Forms text type field
Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form with a rich text type field.
OSV
Subrion CMS XSS in /panel/configuration/financial/
osv·2023-09-27
CVE-2023-43830 [MEDIUM] Subrion CMS XSS in /panel/configuration/financial/
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
GHSA
Subrion CMS XSS in /panel/configuration/financial/
ghsa·2023-09-27
CVE-2023-43830 [MEDIUM] CWE-79 Subrion CMS XSS in /panel/configuration/financial/
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-09-27