Lucene search

GitHub Advisory DatabaseGHSA-C8MG-WP7H-F2PF

HistoryMay 14, 2022 - 2:57 a.m.

Subrion CMS XSS

2022-05-1402:57:59

CWE-79

GitHub Advisory Database

github.com

subrion cms

v4.2.1

stored xss

vulnerability

tooltip

information

multiple areas

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.7%

JSON

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.

Affected configurations

Vulners

Node

intelliantssubrionRange≤4.2.1

VendorProductVersionCPE
intelliantssubrion*cpe:2.3:a:intelliants:subrion:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intelliants	subrion	*	cpe:2.3:a:intelliants:subrion::::::::

References

github.com/advisories/GHSA-c8mg-wp7h-f2pf

github.com/intelliants/subrion/commit/a33a224c6c9e25144d828f92f6141c719215094b

github.com/intelliants/subrion/issues/760

github.com/intelliants/subrion/pull/763

nvd.nist.gov/vuln/detail/CVE-2018-14835

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.7%

JSON

Related for GHSA-C8MG-WP7H-F2PF