CVE-2023-43830 in Subrion CMS

Summary

by MITRE • 10/25/2023

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.


Analysis

by VulDB Data Team • 09/19/2025

This vulnerability represents a critical cross-site scripting flaw in the Subrion content management system version 4.2.1 affecting the financial configuration panel. The issue resides in the /panel/configuration/financial/ endpoint where user input fields for 'Minimum deposit', 'Maximum deposit', and 'Maximum balance' fail to properly sanitize or escape malicious content. Attackers can exploit this weakness by injecting crafted scripts or HTML code into these fields during configuration updates, which then execute in the context of other users' browsers when they access the affected pages.

The technical nature of this vulnerability aligns with CWE-79 - Improper Neutralization of Input During Web Page Generation, specifically manifesting as a reflected XSS attack vector. This classification indicates that the application does not adequately validate or escape user-supplied data before incorporating it into dynamic web content. The attack surface is particularly concerning as it targets administrative configuration fields that are likely accessed by privileged users with elevated system permissions, potentially enabling attackers to escalate their privileges or access sensitive financial data.

The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the capability to steal session cookies, perform unauthorized transactions, or redirect users to malicious websites. When administrative users interact with the compromised financial configuration panel, their browsers execute the injected payloads, potentially allowing attackers to hijack admin sessions or manipulate financial settings. The vulnerability affects the core financial management functionality of the platform, making it particularly attractive to threat actors seeking to compromise monetary systems or extract financial information.

Security mitigations for this vulnerability should focus on robust input validation and output encoding throughout the application's data flow. The recommended approach includes strict validation of all user input in the affected configuration fields (the three values are monetary amounts and should only ever be accepted as numbers), proper HTML escaping before rendering any user-supplied content, and Content Security Policy headers to limit unauthorized script execution. Additionally, the application should enforce proper access controls and audit logging for configuration changes, ensuring that any modification to financial parameters is authenticated and tracked. Organizations should also consider web application firewalls and regular security scanning to detect and prevent exploitation attempts. This vulnerability demonstrates the importance of following secure coding practices and is mapped to ATT&CK technique T1566.001 - Phishing: Spearphishing Attachment, as attackers could leverage this vulnerability to deliver malicious payloads through compromised administrative sessions.
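The following is an added Python example, not Subrion's own code, showing the two-layer defence the mitigation paragraph describes for the three financial fields: strict numeric validation when the configuration is saved, and HTML escaping when a stored value is rendered back into the form. The field names, the ordering rules and both render helpers are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
import html

# Assumed field names for the advisory's 'Minimum deposit', 'Maximum deposit'
# and 'Maximum balance' settings (not Subrion's real configuration keys).
FINANCIAL_FIELDS = ("minimum_deposit", "maximum_deposit", "maximum_balance")


class ValidationError(ValueError):
    """Raised when a submitted financial setting is not an acceptable amount."""


def validate_financial_config(form: dict) -> dict:
    """Accept only finite, non-negative decimals with at most two fraction
    digits, and require min deposit <= max deposit <= max balance.
    Anything else (including markup) is rejected before it is stored."""
    clean = {}
    for name in FINANCIAL_FIELDS:
        raw = str(form.get(name, "")).strip()
        try:
            value = Decimal(raw)
        except InvalidOperation:
            raise ValidationError(f"{name}: not a decimal number")
        if not value.is_finite() or value < 0:
            raise ValidationError(f"{name}: must be a finite non-negative amount")
        if value.as_tuple().exponent < -2:
            raise ValidationError(f"{name}: at most two decimal places allowed")
        clean[name] = value
    if clean["minimum_deposit"] > clean["maximum_deposit"]:
        raise ValidationError("minimum_deposit exceeds maximum_deposit")
    if clean["maximum_deposit"] > clean["maximum_balance"]:
        raise ValidationError("maximum_deposit exceeds maximum_balance")
    return clean


def is_valid_financial_config(form: dict) -> bool:
    """Boolean wrapper around validate_financial_config for simple checks."""
    try:
        validate_financial_config(form)
    except ValidationError:
        return False
    return True


def render_field_vulnerable(name: str, stored: str) -> str:
    # Defect pattern (CWE-79): the stored text is placed straight into the
    # attribute, so a stored '"' or '<' breaks out of the value and runs.
    return f'<input name="{name}" value="{stored}">'


def render_field_safe(name: str, stored: str) -> str:
    # Output encoding: every stored value is escaped for an HTML attribute,
    # so even a value that slipped past validation cannot become markup.
    return f'<input name="{name}" value="{html.escape(str(stored), quote=True)}">'
```

Validation on the write path stops markup from ever being stored; escaping on the read path protects administrators even if a bad value already sits in the database.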

Reservation

09/25/2023

Disclosure

10/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00495

KEV

no

Activities

very low
