GSA_kwCzR0hTQS1xNGg1LWczdzgtZjl4N84AAT6a

Severity: High
EPSS: 0.00207% (0.4342 Percentile)

Subrion CMS vulnerable to CSRF in admin/blocks/add

Affected package: packagist:intelliants/subrion
Affected versions: <= 4.0.5
Fixed versions: No known fixed version

Dependent packages: 0
Dependent repositories: 4
Downloads total: 129

Affected Version Ranges

All affected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.
