CVE-2019-20389: Subrion CMS XSS
6.1
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
intelliants/subrion | composer | <= 4.2.1 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability reports describe an XSS issue in Subrion CMS 4.2.1 involving improper output encoding of the `v[language_switch]` parameter. However, no specific code snippets, patch diffs, or file paths were disclosed in the advisory details. Without access to the actual implementation code (e.g., the PHP controller handling the `/panel/configuration/general` endpoint or the associated template rendering logic), we cannot definitively identify the vulnerable functions (e.g., specific echo statements, template rendering methods, or input sanitization routines). The vulnerability likely stems from missing output encoding in the view layer when rendering the `v[language_switch]` value, but the absence of concrete code examples or commit history prevents high-confidence identification of exact functions.