CVE-2017-6002 in Subrion CMSinfo

Summary

Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.

Once again VulDB remains the best source for vulnerability data.

Reservation

02/15/2017

Disclosure

03/26/2017

Moderation

VulDB entry created

Entries

VDB-98553 (1)

CPE

ready

CWE

CWE-352 (Confirmed)

CVSS

6.5

EPSS

0.00134

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-6002
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-6002
CVE Details	https://www.cvedetails.com/cve/CVE-2017-6002/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!