GHSA-jv64-2m3x-6v4q

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-jv64-2m3x-6v4q/GHSA-jv64-2m3x-6v4q.json

Aliases

CVE-2021-41948

Published

2022-04-30T00:00:36Z

Modified

2022-07-26T21:29:36Z

Details

A cross-site scripting (XSS) vulnerability exists in the contact us plugin for Subrion CMS <= 4.2.1 version via List of subjects. This can be exploited by someone with administrative privileges when they log in to the admin panel.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-41948
https://github.com/intelliants/subrion-plugin-contact_us/issues/8
https://github.com/intelliants/subrion-plugin-contact_us/

Affected packages

Packagist / intelliants/subrion

intelliants/subrion

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 4.2.1"
}