First published: Wed Sep 27 2023
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelliants Subrion | =4.2.1 | |
composer/intelliants/subrion | <=4.2.1 | |
CVE-2023-43830 is a Cross-site scripting (XSS) vulnerability in Subrion v4.2.1 that allows attackers to execute arbitrary web scripts or HTML.
CVE-2023-43830 works by allowing attackers to inject a crafted payload into the 'Minimum deposit', 'Maximum deposit', and/or 'Maximum balance' fields in /panel/configuration/financial/ of Subrion v4.2.1.
The severity of CVE-2023-43830 is medium with a CVSS score of 5.4.
To fix CVE-2023-43830, it is recommended to update Subrion to a version that addresses the vulnerability and follows best practices for secure coding.
You can find more information about CVE-2023-43830 in the following references: [GitHub Advisory](https://github.com/al3zx/xss_financial_subrion_4.2.1), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-43830), [GitHub Security Advisory](https://github.com/advisories/GHSA-q832-2275-rfqh).