A cross-site scripting (XSS) vulnerability exists in the contact us plugin for Subrion CMS <= 4.2.1 version via List of subjects. This can be exploited by someone with administrative privileges when they log in to the admin panel.
contact us
List of subjects
intelliants/subrion
{ "last_known_affected_version_range": "<= 4.2.1" }