Ngpentest007

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 **Description** The issue concerns a CSRF vulnerability in the panel/modules/plugins/ endpoint. This allows an attacker to remotely activate or deactivate plugins. **Recommendations** For Subrion CMS version 4.2.1, consider disabling access to the `panel/modules/plugins/` endpoint until a patch is available to prevent remote activation or deactivation of plugins. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 **Description** The issue allows for XSS via the `panel/phrases/` endpoint, specifically through the `VALUE` parameter. **Recommendations** For Subrion CMS version 4.2.1, update to a newer version that contains a fix for this issue.