Subrion CMS vulnerable to CSRF in admin/blocks/add

2022-05-1401:22:02

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.6%

JSON

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.

CPENameOperatorVersion
intelliants/subrioneq4.0.2
intelliants/subrioneq4.0.5
intelliants/subrioneq4.0.1
intelliants/subrioneq4.0.0
intelliants/subrioneq4.0.3
intelliants/subrioneq4.0.4

Name	Operator	Version
intelliants/subrion	eq	4.0.2
intelliants/subrion	eq	4.0.5
intelliants/subrion	eq	4.0.1
intelliants/subrion	eq	4.0.0
intelliants/subrion	eq	4.0.3
intelliants/subrion	eq	4.0.4