First published: Fri Apr 09 2021(Updated: )
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelliants Subrion | <=4.2.1 | |
composer/intelliants/subrion | <=4.2.1 | |
<=4.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-23761.
The severity of CVE-2020-23761 is medium with a CVSS score of 6.1.
The affected software is subrion CMS version 4.2.1 and earlier.
The vulnerability allows remote attackers to execute arbitrary web scripts by injecting malicious code through the "payment gateway" column on the transactions tab.
Yes, you can find references for this vulnerability at the following URLs: [http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version](http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version), [https://subrion.org/](https://subrion.org/).