CVE-2017-6002

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.0.5.10

Description The issue allows an attacker to perform a CSRF attack on the "admin/blog/add/" endpoint, enabling them to add any blog entry. Additionally, the attacker can insert XSS into the blog entry via the body parameter.

Recommendations For Subrion CMS version 4.0.5.10, consider implementing CSRF protection measures, such as token-based validation, to prevent unauthorized requests to the "admin/blog/add/" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation. Avoid using the body parameter in the affected endpoint until the issue is resolved.