CVE-2022-43121: n/a in n/a
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
AI Analysis
Technical Summary
CVE-2022-43121 is a cross-site scripting (XSS) vulnerability identified in the CMS Field Add page of Intelliants Subrion CMS version 4.2.1. This vulnerability arises due to insufficient input sanitization of the tooltip text field, allowing an attacker to inject arbitrary web scripts or HTML content. When a crafted payload is submitted into this field, it can be executed in the context of a user’s browser session who views the affected page. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reveals that the attack can be performed remotely over the network without any privileges, but requires user interaction (i.e., the victim must visit or interact with the maliciously crafted page). The scope is changed, meaning the vulnerability affects resources beyond the vulnerable component. The impact affects confidentiality and integrity to a limited extent, with no impact on availability. No known exploits are currently reported in the wild, and no official patches or vendor advisories are linked, which may indicate either a lack of public disclosure or delayed remediation. The vulnerability primarily targets web administrators or users who have access to the CMS Field Add page, potentially allowing attackers to steal session cookies, perform actions on behalf of the user, or manipulate displayed content, leading to further compromise or phishing attacks within the affected CMS environment.
Potential Impact
For European organizations using Intelliants Subrion CMS version 4.2.1, this vulnerability poses a moderate risk. Successful exploitation could lead to session hijacking, unauthorized actions within the CMS, or distribution of malicious content to users, undermining trust and potentially exposing sensitive data. Organizations in sectors with high reliance on web content management—such as media, education, and government—may face reputational damage and operational disruptions. The vulnerability’s requirement for user interaction limits mass exploitation but targeted attacks against administrators or privileged users could facilitate further compromise. Given the CMS’s role in managing website content, integrity breaches could result in defacement or misinformation dissemination. Confidentiality impacts, while limited, could expose administrative credentials or sensitive configuration details. The absence of known exploits reduces immediate threat but does not eliminate risk, especially if attackers develop proof-of-concept code. European entities with public-facing websites using this CMS should be vigilant, as exploitation could also affect end-users and customers through malicious script execution.
Mitigation Recommendations
1. Immediate mitigation involves restricting access to the CMS Field Add page to trusted administrators only, using IP whitelisting or VPN access to reduce exposure. 2. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting tooltip fields. 3. Conduct thorough input validation and output encoding on all user-supplied data, especially tooltip text fields, to neutralize script injection attempts. 4. If possible, upgrade to a newer, patched version of Intelliants Subrion CMS once available; monitor vendor channels for official patches or security advisories. 5. Educate CMS users and administrators about the risks of clicking on untrusted links or interacting with suspicious content within the CMS interface. 6. Regularly audit CMS logs for unusual activities or repeated failed attempts to inject scripts. 7. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. 8. For organizations unable to immediately patch, consider disabling or limiting the tooltip feature in the CMS configuration as a temporary workaround.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
CVE-2022-43121: n/a in n/a
Description
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
AI-Powered Analysis
Technical Analysis
CVE-2022-43121 is a cross-site scripting (XSS) vulnerability identified in the CMS Field Add page of Intelliants Subrion CMS version 4.2.1. This vulnerability arises due to insufficient input sanitization of the tooltip text field, allowing an attacker to inject arbitrary web scripts or HTML content. When a crafted payload is submitted into this field, it can be executed in the context of a user’s browser session who views the affected page. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reveals that the attack can be performed remotely over the network without any privileges, but requires user interaction (i.e., the victim must visit or interact with the maliciously crafted page). The scope is changed, meaning the vulnerability affects resources beyond the vulnerable component. The impact affects confidentiality and integrity to a limited extent, with no impact on availability. No known exploits are currently reported in the wild, and no official patches or vendor advisories are linked, which may indicate either a lack of public disclosure or delayed remediation. The vulnerability primarily targets web administrators or users who have access to the CMS Field Add page, potentially allowing attackers to steal session cookies, perform actions on behalf of the user, or manipulate displayed content, leading to further compromise or phishing attacks within the affected CMS environment.
Potential Impact
For European organizations using Intelliants Subrion CMS version 4.2.1, this vulnerability poses a moderate risk. Successful exploitation could lead to session hijacking, unauthorized actions within the CMS, or distribution of malicious content to users, undermining trust and potentially exposing sensitive data. Organizations in sectors with high reliance on web content management—such as media, education, and government—may face reputational damage and operational disruptions. The vulnerability’s requirement for user interaction limits mass exploitation but targeted attacks against administrators or privileged users could facilitate further compromise. Given the CMS’s role in managing website content, integrity breaches could result in defacement or misinformation dissemination. Confidentiality impacts, while limited, could expose administrative credentials or sensitive configuration details. The absence of known exploits reduces immediate threat but does not eliminate risk, especially if attackers develop proof-of-concept code. European entities with public-facing websites using this CMS should be vigilant, as exploitation could also affect end-users and customers through malicious script execution.
Mitigation Recommendations
1. Immediate mitigation involves restricting access to the CMS Field Add page to trusted administrators only, using IP whitelisting or VPN access to reduce exposure. 2. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting tooltip fields. 3. Conduct thorough input validation and output encoding on all user-supplied data, especially tooltip text fields, to neutralize script injection attempts. 4. If possible, upgrade to a newer, patched version of Intelliants Subrion CMS once available; monitor vendor channels for official patches or security advisories. 5. Educate CMS users and administrators about the risks of clicking on untrusted links or interacting with suspicious content within the CMS interface. 6. Regularly audit CMS logs for unusual activities or repeated failed attempts to inject scripts. 7. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. 8. For organizations unable to immediately patch, consider disabling or limiting the tooltip feature in the CMS configuration as a temporary workaround.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-17T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9839c4522896dcbeca3a
Added to database: 5/21/2025, 9:09:13 AM
Last enriched: 6/25/2025, 8:42:37 PM
Last updated: 7/31/2025, 10:46:23 AM
Views: 12
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.