CVE-2017-6002

Subrion CMS 4.0.5.10 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in admin/blog/add/. An attacker can exploit CSRF to add arbitrary blog entries and may inject XSS into the created entry via the body parameter. The vulnerability is documented in multiple sources (e.g., CNVD-20...