First published: Sat Jun 11 2022
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intelliants Subrion CMS | =4.2.1 | |
The severity of CVE-2021-41502 is medium with a CVSS score of 5.4.
Subrion CMS version 4.2.1 is affected by CVE-2021-41502.
CVE-2021-41502 is a stored cross-site scripting (XSS) vulnerability.
An attacker can exploit CVE-2021-41502 by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute to execute malicious JavaScript code.
As a workaround, ensure that user-uploaded content is properly validated and sanitized. The vendor has released a patch to address this issue, so it is recommended to update to the latest version of Subrion CMS.
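The validation and sanitization described in the workaround can be sketched as follows, as an added example that is neither Subrion's code nor the vendor's patch. The function names `safe_upload_name` and `image_tag`, the `/uploads` directory, and the sample file names are assumptions made for illustration: the uploaded name is reduced to an allowlisted character set before storage, and every value is encoded again when it is written into the `<img>` tag.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Subrion's API): reduce a client-supplied file
// name to an allowlisted form before it is stored or echoed anywhere.
function safe_upload_name(string $clientName): string
{
    // Drop any directory part, including Windows-style separators.
    $base = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $stem = pathinfo($base, PATHINFO_FILENAME);

    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
        throw new InvalidArgumentException('unsupported image extension');
    }
    // Keep letters, digits, dot, dash and underscore. Quotes, angle
    // brackets, spaces and '=' (what closing a tag or adding an
    // attribute needs) collapse to '_'.
    $stem = (string) preg_replace('/[^A-Za-z0-9._-]+/', '_', $stem);
    $stem = trim($stem, '._-');
    if ($stem === '') {
        $stem = 'upload';
    }
    return substr($stem, 0, 100) . '.' . $ext;
}

// Hypothetical helper: build the <img> tag with each value encoded for
// the context it lands in, so stored data is never trusted at output.
function image_tag(string $dir, string $storedName, string $title): string
{
    $enc = static fn (string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    return sprintf(
        '<img src="%s/%s" alt="%s">',
        $enc($dir),
        rawurlencode($storedName), // URL path segment
        $enc($title)               // original name shown only as encoded text
    );
}

// Constructed sample names, including the two shapes the advisory describes.
$samples = ['holiday photo.JPG', 'x" onerror="y.png', 'a"><b>.gif'];
foreach ($samples as $name) {
    $stored = safe_upload_name($name);
    echo $stored, "\n", image_tag('/uploads', $stored, $name), "\n";
}
```

Output encoding is the control that matters for names already stored before the fix; renaming at upload only limits what enters the database from then on.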