CVE-2023-43884

MEDIUM

Subrion v4.2.1 - XSS

Title source: llm

Description

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.

References (1)

Core 1

Core References

Exploit, Product

https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0018

EPSS Percentile 39.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

intelliants/subrion 4.2.1

intelliants/subrion 0Packagist

Published Sep 28, 2023

Tracked Since Feb 18, 2026