CVE-2017-6068

描述

Subrion CMS 4.0.5 has CSRF in `admin/blocks/add/`. The attacker can create any block, and can optionally insert XSS via the content parameter.

受影響套件(1)

• Packagist/intelliants/subrionfrom 0, <= 4.0.5

CVSS 分數

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-6068
• PATCHhttps://github.com/intelliants/subrion
• WEBhttps://web.archive.org/web/20210126223835/http://www.securityfocus.com/bid/97091