First published: Wed Sep 27 2023(Updated: )
A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelliants Subrion | =4.2.1 | |
composer/intelliants/subrion | <=4.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-43828 is a Cross-site scripting (XSS) vulnerability in Subrion v4.2.1 that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter.
CVE-2023-43828 affects Subrion v4.2.1 by allowing attackers to execute arbitrary web scripts or HTML through the 'Title' parameter in the /panel/languages/ module.
CVE-2023-43828 has a severity level of medium with a CVSS score of 5.4.
To fix CVE-2023-43828 in Subrion v4.2.1, it is recommended to update to a version that has patched the vulnerability or apply any relevant security patches.
Yes, you can find more information about CVE-2023-43828 in the following link: https://github.com/al3zx/xss_languages_subrion_4.2.1