CVE-2023-43828

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 27, 2023

Updated: Sep 28, 2023

CWE ID 79

Summary

CVE-2023-43828 is a newly disclosed Cross-site scripting (XSS) vulnerability affecting Subrion Content Management System version 4.2.1. This issue resides in the /panel/languages/ section where a crafted payload can be injected into the 'Title' parameter. attackers can exploit this flaw to execute arbitrary web scripts or HTML, posing a significant security risk. Successful exploitation may lead to unauthorized account takeover, data theft, or site defacement. Users are advised to upgrade to the latest version of Subrion to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/syX26X
https://www.cve.org/CVERecord?id=CVE-2023-43828
https://nvd.nist.gov/vuln/detail/CVE-2023-43828

Back to Vulnerability Database

CVE-2023-43828

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations