GHSA-jrvr-gmqv-hgrh

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-jrvr-gmqv-hgrh/GHSA-jrvr-gmqv-hgrh.json

Aliases

CVE-2022-43121

Published

2022-11-09T19:02:23Z

Modified

2023-03-18T05:09:11.915181Z

Details

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS in version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-43121
https://github.com/intelliants/subrion/issues/895
https://github.com/intelliants/subrion

Affected packages

Packagist / intelliants/subrion

intelliants/subrion

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.2.0

v4.2.1

Database specific

{
    "last_known_affected_version_range": "<= 4.2.1"
}