intelliants/subrion is vulnerable to cross-site scripting (XSS). The vulnerability exists as the values of username
, email
, and fullname
is not sanitized, allowing an attacker to inject arbitrary Javascript into a victim’s browser via the affected parameters.