Lucene search

[email protected]NVD:CVE-2021-43724

HistoryFeb 24, 2022 - 3:15 p.m.

CVE-2021-43724

2022-02-2415:15:23

CWE-79

[email protected]

web.nvd.nist.gov

subrion cms

cross site scripting

xss

sgv file

admin account

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.

Affected configurations

Nvd

Node

intelliantssubrion_cmsRange≤4.2.1

VendorProductVersionCPE
intelliantssubrion_cms*cpe:2.3:a:intelliants:subrion_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intelliants	subrion_cms	*	cpe:2.3:a:intelliants:subrion_cms::::::::

References

github.com/intelliants/subrion/issues/890

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2021-43724

cve1 osv1 veracode1 prion1 cvelist1