CVE-2017-6066

Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.
References
Link Resource
http://www.yiwang6.cn/Subrion-CSRF.docx Broken Link Third Party Advisory
http://www.securityfocus.com/bid/97087 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:intelliants:subrion_cms:4.0.5:*:*:*:*:*:*:*

Information

Published : 2017-03-26 19:59

Updated : 2019-03-13 06:47


NVD link : CVE-2017-6066

Mitre link : CVE-2017-6066


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

intelliants

  • subrion_cms