First published: Thu Aug 02 2018(Updated: )
`uploads/.htaccess` in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelliants Subrion | =4.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-14840 is a vulnerability in Subrion CMS 4.2.1 that allows XSS due to the lack of blocking .html file uploads.
CVE-2018-14840 has a severity rating of 6.1 (Medium).
CVE-2018-14840 affects Subrion CMS versions 4.2.1 and prior.
To fix CVE-2018-14840 in Subrion CMS, you need to update to version 4.2.2 or later.
CVE-2018-14840 is associated with CWE ID 79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))