intelliants/subrion is vulnerable to cross site scripting. The vulnerability exists due to lack of sanitization in the admin-controllable input in fields.php
which allows an attacker to inject and execute malicious HTML and script into the website via malicious payload.