Cross-Site Request Forgery in Subrion CMS Affects Website Security
CVE-2017-6002

8.8HIGH

Key Information:

Vendor: Intelliants
Status: Subrion Cms
Vendor: CVE Published:; 27 March 2017

🔔 Create Intelliants Vulnerability Alert

What is CVE-2017-6002?

The Subrion CMS 4.0.5.10 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability located in the admin/blog/add/ endpoint. This flaw allows an attacker to create unauthorized blog entries, possibly embedding Cross-Site Scripting (XSS) payloads within the body of the blog post. This could lead to malicious content being executed in the context of the user’s session, highlighting significant security oversights in the application's management of user requests.

References

http://www.yiwang6.cn/Subrion.docx

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2017
Vulnerability Reserved
Feb 15, 2017