Security Advisory
CVE-2020-35437
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.