CVE-2022-43120 is a cross-site scripting (XSS) vulnerability identified in the /panel/fields/add component of Intelliants Subrion CMS version 4.2.1. This vulnerability arises due to insufficient input sanitization in the Field default value text field, allowing an attacker to inject crafted payloads containing arbitrary web scripts or HTML. When a victim user accesses the affected component or page, the malicious script executes in their browser context, potentially leading to session hijacking, defacement, or redirection to malicious sites. The vulnerability is exploitable remotely over the network without requiring authentication, but it does require user interaction (the victim must visit the crafted page). The CVSS 3.1 base score is 6.1 (medium severity), reflecting a network attack vector with low attack complexity, no privileges required, but requiring user interaction. The impact affects confidentiality and integrity, with no direct impact on availability. The vulnerability scope is changed (S:C), meaning the attack can affect resources beyond the vulnerable component. No public exploits are currently known in the wild, and no patches have been officially released as per the provided data. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation, a common XSS category. Given that Intelliants Subrion CMS is a content management system, this vulnerability could be leveraged to compromise administrative users or site visitors, potentially leading to broader compromise of the web application or user accounts.

For European organizations using Intelliants Subrion CMS version 4.2.1, this vulnerability poses a moderate risk primarily to web application confidentiality and integrity. Attackers could exploit the XSS flaw to steal session cookies, perform actions on behalf of authenticated users, or deliver malicious payloads to site visitors. This can lead to unauthorized access, data leakage, or reputational damage. Organizations in sectors with high reliance on web presence such as e-commerce, media, education, and government services could face targeted attacks aiming to disrupt trust or harvest sensitive user data. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to lure victims to maliciously crafted URLs. The absence of known public exploits reduces immediate risk but does not eliminate it, especially as attackers may develop exploits over time. The medium severity score suggests that while the vulnerability is not critical, it should be addressed promptly to prevent exploitation. The impact on availability is negligible, but the potential for integrity and confidentiality breaches could have regulatory implications under GDPR if personal data is compromised.

1. Immediate mitigation involves applying any available patches or updates from Intelliants for Subrion CMS; if no official patch exists, consider upgrading to a later version where the vulnerability is fixed. 2. Implement web application firewall (WAF) rules specifically targeting XSS payload patterns in the /panel/fields/add endpoint to block malicious inputs. 3. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts and reduce the impact of injected scripts. 4. Conduct input validation and output encoding on all user-supplied data fields, especially the Field default value text field, to neutralize malicious scripts. 5. Limit administrative access to the CMS panel via IP whitelisting or VPN to reduce exposure. 6. Educate users and administrators about phishing risks and encourage cautious behavior when clicking on links. 7. Monitor web server logs and application logs for unusual requests or payloads targeting the vulnerable component. 8. If feasible, isolate the CMS environment or run it in a sandboxed container to limit lateral movement in case of compromise.