cbcvebase.
CVE-2023-43830
published 2023-09-27

CVE-2023-43830: A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a…

PriorityP422medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.50%
38.7th percentile
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.

Affected

2 ranges
VendorProductVersion rangeFixed in
intelliantssubrion
intelliantssubrion0 – 4.2.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.