GHSA-jv64-2m3x-6v4q

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-jv64-2m3x-6v4q/GHSA-jv64-2m3x-6v4q.json
Aliases
  • CVE-2021-41948
Published
2022-04-30T00:00:36Z
Modified
2022-07-26T21:29:36Z
Details

A cross-site scripting (XSS) vulnerability exists in the contact us plugin for Subrion CMS <= 4.2.1 version via List of subjects. This can be exploited by someone with administrative privileges when they log in to the admin panel.

References

Affected packages

Packagist / intelliants/subrion

intelliants/subrion

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 4.2.1"
}