CVE-2017-6068

Publication date

2017-03-27 01:55:00

Family

mitre

State

PUBLISHED

Description

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.