# Exploit Title: Subrion CMS 4.2.1 - 'avatar[path]' XSS # Date: 2020-12-15 # Exploit Author: icekam # Vendor Homepage: https://subrion.org/ <https://www.icekam.com/> # Software Link: https://github.com/intelliants/subrion # Version: Subrion CMS 4.2.1 # CVE : CVE-2020-35437 stored xss vulnerability in /_core/profile/. Reproduce through the avatar[path] parameter in post /_core/profile/ url. payload:"><sCrIpT>alert(1)</sCrIpT> https://github.com/intelliants/subrion/issues/880
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
