GHSA-jvq4-cgfw-jgf4

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-jvq4-cgfw-jgf4/GHSA-jvq4-cgfw-jgf4.json
Aliases
  • CVE-2021-41502
Published
2022-06-12T00:00:44Z
Modified
2022-06-20T21:57:36Z
Details

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

References

Affected packages

Packagist / intelliants/subrion

intelliants/subrion

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 4.2.1"
}