AI Score
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into ‘Title’ parameter.
github.com/al3zx/xss_languages_subrion_4.2.1