CVE-2018-11317: Subrion CMS XSS
CVSS Score: 6.1 (CVSS v3.0)
Basic Information
CVE ID: CVE-2018-11317
GHSA ID
EPSS Score: 0.47285%
CWE
Published: 5/24/2022
Updated: 10/5/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
intelliants/subrion | composer | < 4.1.4 | 4.1.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing XML escaping in sitemap generation. The _xmlify method builds each sitemap entry by substituting URL values into an XML template with str_replace, without passing them through htmlspecialchars or an equivalent XML-aware encoder. The _validate method only normalises URL formatting; it does not sanitise the value. Together these allow unescaped, user-controlled input (for example a custom page URL) to be reflected verbatim into the sitemap.xml output. The GitHub advisory explicitly links to lines 79-83 of ia.admin.sitemap.php, which correspond to the URL substitution logic in _xmlify. The patch in v4.1.4 likely added proper XML escaping at these points. Two checks worth keeping in mind when reviewing a fix of this kind: escaping for an XML document must follow XML entity rules (in PHP, htmlspecialchars with ENT_QUOTES | ENT_XML1, or an XMLWriter/DOMDocument that escapes text nodes itself), and the sitemap protocol already requires that & in a URL be written as &amp;, so any URL carrying a query string needs entity-escaping for the sitemap to be well-formed in the first place.
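The str_replace pattern the analysis describes, beside a hardened version, as an added example written for this page: it is not Subrion's code, and the function names, the entry template and the sample URL are assumptions modelled on the analysis above.

```php
<?php
// Added example (not Subrion's code): the unescaped str_replace pattern described
// in the root cause analysis beside a hardened version. Function names, the entry
// template and the sample URL are assumptions.
declare(strict_types=1);

const ENTRY_TEMPLATE = "<url><loc>{url}</loc><lastmod>{lastmod}</lastmod></url>\n";

// Vulnerable pattern: values are substituted into the XML template verbatim.
// Any '<', '&' or '"' in $url lands in sitemap.xml as live markup.
function xmlifyVulnerable(string $url, string $lastmod): string
{
    return str_replace(['{url}', '{lastmod}'], [$url, $lastmod], ENTRY_TEMPLATE);
}

// Format check only: an absolute http(s) URL with a host. This is the kind of
// check the analysis attributes to _validate; it is deliberately NOT sanitisation,
// so markup characters in the path or query pass through untouched.
function validateUrl(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Escape a value for an XML text node. ENT_XML1 selects XML entity rules (no
// HTML-only named entities); ENT_QUOTES covers both quote characters. The sitemap
// protocol itself requires '&' inside a URL to be written as '&amp;'.
function xmlEscape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

// Hardened pattern: validate the format, then escape every value before it is
// substituted into the template. Invalid URLs are dropped rather than emitted.
function xmlifySafe(string $url, string $lastmod): ?string
{
    $clean = validateUrl($url);
    if ($clean === null) {
        return null;
    }
    return str_replace(
        ['{url}', '{lastmod}'],
        [xmlEscape($clean), xmlEscape($lastmod)],
        ENTRY_TEMPLATE
    );
}

// Returns true when the hardened output carries no raw markup characters from the
// value while the vulnerable output still does; used as an inline self-check.
function selfCheck(string $url, string $lastmod): bool
{
    $raw  = xmlifyVulnerable($url, $lastmod);
    $safe = xmlifySafe($url, $lastmod);
    if ($safe === null) {
        return false;
    }
    $rawLeaks  = strpos($raw, '<x>') !== false;
    $safeClean = strpos($safe, '<x>') === false && strpos($safe, '"<') === false;
    return $rawLeaks && $safeClean;
}

// Constructed input: a custom page URL carrying markup characters in its query
// string. The format check accepts it (scheme and host are fine), which is the
// whole point: validation alone is not a defence here.
$pageUrl = 'https://example.test/page?a=1&b="<x>"';
$lastmod = '2018-05-20';

if (validateUrl($pageUrl) !== $pageUrl) {
    throw new RuntimeException('format check unexpectedly rejected the sample URL');
}

echo "vulnerable entry:\n", xmlifyVulnerable($pageUrl, $lastmod);
echo "hardened entry:\n", xmlifySafe($pageUrl, $lastmod);

if (!selfCheck($pageUrl, $lastmod)) {
    throw new RuntimeException('hardened output still contains raw markup');
}
```

Run with `php sitemap_escape.php`. The vulnerable entry reproduces the query string byte for byte inside `<loc>`, so the `<x>` and the quotes become part of the XML. The hardened entry writes the same value as `https://example.test/page?a=1&amp;b=&quot;&lt;x&gt;&quot;`, which is both safe to reflect and what the sitemap protocol expects for a URL containing `&`. Note that validateUrl passes the sample URL untouched: the format check is not where this class of bug is fixed.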