al3zx/xss_financial_subrion_4.2.1
GitHub
Releases0
XSS in financial page in Subrion 4.2.1
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 5.4 MEDIUM | — | ||
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. | |||