First published: Thu Sep 28 2023
A cross-site scripting (XSS) vulnerability in Reference ID, in the Transactions panel of Subrion v4.2.1, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Reference ID' parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelliants Subrion | =4.2.1 | |
composer/intelliants/subrion | <=4.2.1 | |
CVE-2023-43884 is a cross-site scripting (XSS) vulnerability in the Reference ID feature of Subrion v4.2.1, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the 'Reference ID' parameter.
CVE-2023-43884 has a severity rating of medium with a CVSSv3 score of 5.4.
CVE-2023-43884 affects Subrion v4.2.1 by allowing attackers to execute arbitrary web scripts or HTML through a crafted payload injected into the 'Reference ID' parameter of the Transactions panel.
To fix CVE-2023-43884, it is recommended to update Subrion to a version that includes a patch for the vulnerability. Ensure that the 'Reference ID' parameter is properly sanitized to prevent potential XSS attacks.
More information about CVE-2023-43884 can be found at the following link: https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1