Subrion CMS Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the installation module of Subrion CMS version 4.2.1. This vulnerability allows attackers to execute arbitrary JavaScript in the context of the user's browser by injecting a crafted payload into the database username, password, and name parameters.

Impact

Exploitation of this vulnerability allows for arbitrary JavaScript execution in the context of the user's browser, specifically on the installation page. This could lead to the exfiltration of cookies, session tokens, or unauthorized actions being performed on behalf of the user.

Reproduction

To reproduce this vulnerability, access the installation configuration page of Subrion CMS 4.2.1. In the database-related fields (dbuser, dbpwd, dbname), enter a payload that includes an SVG element with an 'onload' event. Submit the form; if the vulnerability exists, an alert is triggered, indicating that the JavaScript has been executed.
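The fix for this class of bug is to encode the three values before they are written back into the page. The following is an added example, not Subrion's code: it assumes the submitted values are echoed into the form's input attributes, and the function names and markup are hypothetical (only the field names dbuser, dbpwd and dbname come from the advisory).

```php
<?php
declare(strict_types=1);

// Added example; not Subrion's code. Only the field names dbuser, dbpwd and
// dbname come from the advisory. Function names and markup are hypothetical.

// Unsafe pattern: the submitted value is concatenated into the attribute.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for an HTML attribute context: <, >, &, " and ' become entities.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every reflected value is encoded, and the password is
// never written back into the page.
function render_field_safe(string $name, string $value): string
{
    if ($name === 'dbpwd') {
        return '<input type="password" name="dbpwd" value="">';
    }
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Constructed sample submission (not taken from a real request).
$submitted = [
    'dbuser' => '"><svg onload=alert(1)>',
    'dbpwd'  => '"><svg onload=alert(1)>',
    'dbname' => "shop'db & \"test\"",
];

foreach ($submitted as $field => $value) {
    // A correctly encoded field contains exactly one "<": the input tag itself.
    $unsafeTags = substr_count(render_field_unsafe($field, $value), '<');
    $safeHtml   = render_field_safe($field, $value);
    printf("%-7s unsafe tags=%d safe tags=%d\n  %s\n",
        $field, $unsafeTags, substr_count($safeHtml, '<'), $safeHtml);
}
```

A count above one in the unsafe column means the submitted value broke out of the attribute and created markup of its own; the same check works as a regression test for the installer's rendered output.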

Added: Feb 2, 2026, 11:42 PM
Updated: Feb 2, 2026, 11:42 PM

Vulnerability Rating

Custom Algorithm

spread: 1.6
impact: 1.7
exploitability: 8.2
remediation: 0.0
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.