intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists because the _assignValues function of fields.php does not sanitize admin-controllable input, which allows an attacker to inject and execute malicious HTML and script code in the web site via the tooltip text field.