# Exploit Title: Subrion CMS 4.2.1 - 'avatar[path]' XSS # Date: 2020-12-15 # Exploit Author: icekam # Vendor Homepage: https://subrion.org/ <https://www.icekam.com/> # Software Link: https://github.com/intelliants/subrion # Version: Subrion CMS 4.2.1 # CVE : CVE-2020-35437 stored xss vulnerability in /_core/profile/. Reproduce through the avatar[path] parameter in post /_core/profile/ url. payload:"><sCrIpT>alert(1)</sCrIpT> https://github.com/intelliants/subrion/issues/880
体验盒子
