CVE-2021-41502 Information

Description

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image closing the html tag or adding the onerror attribute.

Reference

https://github.com/intelliants/subrion/issues/885