intelliants/subrion CMS is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victimβs browser via the Site Title
parameter in panel/configuration/general
, to steal session tokens or perform unwanted action on behalf of the user.