Moderate severityNVD Advisory· Published May 15, 2020· Updated Aug 5, 2024
CVE-2019-20389
CVE-2019-20389
Description
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
intelliants/subrionPackagist | <= 4.2.1 | — |
Affected products
2- Subrion/CMSdescription
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-xvgx-668j-f67pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-20389ghsaADVISORY
- packetstormsecurity.com/files/157699/Subrion-CMS-4.2.1-Cross-Site-Scripting.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.