CVE-2018-15563

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1

Description The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via the titles[en] parameter in the core/admin/pages/add/ endpoint. This allows for potential malicious script injection.

Recommendations For Subrion CMS version 4.2.1, as a temporary workaround, consider restricting access to the core/admin/pages/add/ endpoint until a patch is available. Avoid using the titles[en] parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.