GHSA-9jjm-mc56-3qxv

Опубликовано: 03 фев. 2026

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.

Ссылки

Пакеты

Наименование

intelliants/subrion

composer

Затронутые версииВерсия исправления

<= 4.2.1

Отсутствует

EPSS

Процентиль: 1%

0.0001

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2025-70958

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-70958

CVSS3: 6.1

nvd

4 дня назад

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.

EPSS

Процентиль: 1%

0.0001

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2025-70958

Дефекты

CWE-79