Lucene search

K

GoogleOSV:GHSA-MXV3-QCMF-R6WJ

HistoryMay 14, 2022 - 1:31 a.m.

Subrion CMS XSS

2022-05-1401:31:22

Google

osv.dev

4

subrion cms

xss

svg

javascript

security

EPSS

0.001

Percentile

24.8%

panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.

References

github.com/intelliants/subrion

github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385

github.com/intelliants/subrion/issues/777

github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf

nvd.nist.gov/vuln/detail/CVE-2018-16629

EPSS

0.001

Percentile

24.8%

Related for OSV:GHSA-MXV3-QCMF-R6WJ

cvelist1 osv1 github1 nvd1 veracode1 prion1 cve1