
CVE-2018-11317: Subrion CMS XSS

CVSS Score: 6.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.47285%
Published: 5/24/2022
Updated: 10/5/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name: intelliants/subrion
Ecosystem: composer
Vulnerable Versions: < 4.1.4
First Patched Version: 4.1.4

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper XML escaping in sitemap generation. The _xmlify method directly injects URL values into XML templates using str_replace, without applying htmlspecialchars or equivalent encoding. The _validate method only handles URL formatting, not sanitization. Together, these allow unescaped user-controlled input (e.g., from custom page URLs) to be reflected in the sitemap.xml output. The GitHub advisory explicitly links to lines 79-83 in ia.admin.sitemap.php, which correspond to the URL injection logic in _xmlify. The patch in v4.1.4 likely added proper XML escaping to these functions.
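As an added illustration (this is not Subrion's code; the function names, the XML template, the check routine and the sample URLs are all assumed), the substitution pattern the analysis describes and the escaped form side by side, followed by a parse-and-round-trip check of the kind a regression test for the fix would assert:

```php
<?php
// Added example, not Subrion's code: a minimal sitemap builder showing
// unescaped str_replace substitution beside the escaped form.
declare(strict_types=1);

// Assumed template; the real one lives in ia.admin.sitemap.php.
const URL_TEMPLATE = "  <url>\n    <loc>{url}</loc>\n  </url>\n";

// Defective pattern: the URL value is substituted into the XML verbatim,
// so any markup characters it carries land in the document unchanged.
function xmlifyUnsafe(array $urls): string
{
    $out = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<urlset>\n";
    foreach ($urls as $url) {
        $out .= str_replace('{url}', $url, URL_TEMPLATE);
    }
    return $out . "</urlset>\n";
}

// Corrected pattern: every value is XML-escaped before substitution.
// ENT_XML1 selects the XML 1.0 entity set; ENT_QUOTES also escapes ' and ".
function xmlEscape(string $value): string
{
    return htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

function xmlifySafe(array $urls): string
{
    $out = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<urlset>\n";
    foreach ($urls as $url) {
        $out .= str_replace('{url}', xmlEscape($url), URL_TEMPLATE);
    }
    return $out . "</urlset>\n";
}

// Regression check: the document must parse as XML, and each <loc> text node
// must decode back to exactly the input value. Injected or malformed markup
// fails one of the two conditions.
function sitemapIsSound(string $xml, array $expected): bool
{
    libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml);
    if ($doc === false) {
        libxml_clear_errors();
        return false;
    }
    $seen = [];
    foreach ($doc->url as $entry) {
        $seen[] = (string) $entry->loc;
    }
    return $seen === array_values($expected);
}

// Constructed sample input: a plain page URL and one that carries markup
// characters, the class of user-controlled value the analysis says was
// reflected into sitemap.xml without encoding.
$input = [
    'https://example.test/page/about',
    'https://example.test/page/<b>title</b>&x=1',
];

var_dump(sitemapIsSound(xmlifyUnsafe($input), $input));
var_dump(sitemapIsSound(xmlifySafe($input), $input));
```

Run with the PHP CLI. The unescaped builder fails the check because the bare `&` and `<` make the output unparseable, while the escaped builder passes: the entities it emits are decoded by the parser back to the original strings, which is the property a test for the v4.1.4 fix should pin down.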


WAF Protection Rules

WAF Rule

Subrion CMS before 4.1.4 has XSS.
