First published: Sat Dec 26 2020
Subrion CMS 4.2.1 is affected by Cross-Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelliants Subrion CMS | =4.2.1 | |
The vulnerability ID for Subrion CMS 4.2.1 is CVE-2020-35437.
The severity of CVE-2020-35437 is medium, with a CVSS score of 6.1.
CVE-2020-35437 affects Subrion CMS 4.2.1 through a Cross-Site Scripting (XSS) vulnerability in the avatar[path] parameter in a POST request to the /_core/profile/ URI.
To fix CVE-2020-35437 in Subrion CMS 4.2.1, it is recommended to apply the latest security patch or update provided by Intelliants, the developer of Subrion CMS.
Additional information about CVE-2020-35437 is available in the following references: [Packetstorm Security](http://packetstormsecurity.com/files/160783/Subrion-CMS-4.2.1-Cross-Site-Scripting.html) and [GitHub Issue](https://github.com/intelliants/subrion/issues/880).