Vendor: Subrion CMS
Author: Sinem Sahin
CVSS: 5.5 (MEDIUM)
Vulnerability type: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Subrion CMS
Affected Version From: 4.2.2001
Affected Version To: 4.2.2001
Patch Exists: NO
Related CWE:
CPE: a:intelliants:subrion:4.2.1
Metasploit:
Other Scripts:
Platforms Tested: Windows & XAMPP
Year: 2022

Subrion CMS 4.2.1 – Stored Cross-Site Scripting (XSS)

Subrion CMS 4.2.1 is vulnerable to stored cross-site scripting (XSS). A user with access to the admin panel's field creation page (/panel/fields/add) can save a script payload as a field's tooltip value. The stored tooltip is later written into the member creation page (/panel/members/add) without output encoding, so the script runs in the browser of any panel user who opens that page. The leading double quote in the published payload is there to break out of a quoted HTML attribute, which puts the <script> element into the page body. Because the script executes inside an authenticated panel session, it can read data shown in the panel or make requests on behalf of that user.

Mitigation:

The fix is output encoding at the point where the tooltip is rendered: HTML-encode the stored value, including double and single quote characters, for the attribute or element context it is written into, rather than relying on filtering at input time alone. A tooltip legitimately needs no HTML, and the same stored value may be rendered in more than one template, so every render point must encode. Input validation (for example a length limit and rejecting angle brackets) is a useful second layer, and a Content-Security-Policy that disallows inline scripts on the admin panel would keep this payload from executing even where encoding is missed.
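The following PHP snippet is an added illustration of the render-time fix described above; it is not Subrion's own code. It takes the payload from the advisory as the value an attacker stored in a field tooltip, echoes it into a label's title attribute the way a vulnerable template would, and beside that shows the same markup produced with context-aware HTML encoding. The label markup, the field name "phone" and the function names are assumptions made for the example.

```php
<?php
// Added illustration, not Subrion's own code. Shows how a stored field
// tooltip becomes script when echoed raw into a quoted HTML attribute, and
// how htmlspecialchars() applied at render time neutralises the same value.
// The label markup, the field name and the function names are assumptions;
// only the payload comes from the advisory.

declare(strict_types=1);

// Value an attacker saved via /panel/fields/add (payload from the advisory).
// The leading " is what closes the attribute the tooltip is written into.
const STORED_TOOLTIP = '"<script>alert("field_tooltip_XSS")</script>';

/** Encode a value for use inside a double-quoted attribute or element text. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning '' and
    // silently dropping the value.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable rendering: the stored tooltip is interpolated as-is. */
function renderFieldVulnerable(string $name, string $tooltip): string
{
    return '<label for="' . $name . '" title="' . $tooltip . '">' . $name . '</label>';
}

/** Hardened rendering: every untrusted value is encoded for its HTML context. */
function renderFieldHardened(string $name, string $tooltip): string
{
    return '<label for="' . e($name) . '" title="' . e($tooltip) . '">' . e($name) . '</label>';
}

/** Crude demo check: does the emitted markup contain a live <script> tag? */
function containsScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$vulnerable = renderFieldVulnerable('phone', STORED_TOOLTIP);
$hardened   = renderFieldHardened('phone', STORED_TOOLTIP);

echo "Vulnerable: $vulnerable\n";
echo "Hardened:   $hardened\n";

// Self-check: the raw rendering carries a script element, the encoded one does not.
if (!containsScriptTag($vulnerable) || containsScriptTag($hardened)) {
    fwrite(STDERR, "self-check failed\n");
    exit(1);
}
```

Run it with `php render_tooltip.php` (any file name). In the vulnerable output the first `"` of the payload terminates `title="`, leaving `<script>` as a real element in the document; in the hardened output the quotes and angle brackets are entity-encoded, so the browser treats the whole value as the attribute's text. The point is that the encoding happens where the value is written into HTML, not where it was saved, so it holds for every page that renders the tooltip.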

Exploit-DB raw data:

# Exploit Title: Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)
# Date: 2022-08-10
# Exploit Author: Sinem Şahin
# Vendor Homepage: https://intelliants.com/
# Version: 4.2.1
# Tested on: Windows & XAMPP

==> Tutorial <==

1- Go to the following url. => http://(HOST)/panel/fields/add
2- Write XSS Payload into the tooltip value of the field add page.
3- Press "Save" button.
4- Go to the following url. => http://(HOST)/panel/members/add

XSS Payload ==> "<script>alert("field_tooltip_XSS")</script> 

Reference: https://github.com/intelliants/subrion/issues/895