First published: Mon Aug 29 2022(Updated: )
Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelliants Subrion CMS | =4.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-37059 is medium with a CVSS score of 4.8.
CVE-2022-37059 allows an attacker to inject arbitrary code via the Login Field in the Admin Panel of Subrion CMS 4.2.1.
An attacker can exploit CVE-2022-37059 by injecting arbitrary code into the Login Field of the Admin Panel to perform Cross-Site Scripting (XSS) attacks.
Yes, an update to Subrion CMS version 4.2.2 or newer addresses the vulnerability and should be applied.
More information about CVE-2022-37059 can be found at the following URL: https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing