CVE-2017-6066

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.0.5

Description The issue allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the "admin/languages/edit/1/" endpoint, enabling them to execute any Edit Language action. Additionally, the attacker can potentially insert Cross-Site Scripting (XSS) via the title parameter.

Recommendations For Subrion CMS version 4.0.5, as a temporary workaround, consider disabling the edit language functionality in the admin panel until a patch is available. Restrict access to the "admin/languages/edit/1/" endpoint to minimize the risk of exploitation. Avoid using the title parameter in the affected endpoint until the issue is resolved.