Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. A cross-site scripting vulnerability exists in Subrion CMS version 4.2.1 and earlier, which stems from a lack of data validation of user-supplied data and output in the “Contact Us” plugin of the “Topic List”. data and output data validation filtering. An attacker could use this vulnerability to execute JavaScript code on the client side.