CVE-2017-6002

EUVD-2017-15070
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
intelliantssubrion_cms
4.0.5.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.yiwang6.cn/Subrion.docx
http://www.yiwang6.cn/Subrion.docx