intelliants/subrion is vulnerable to cross-site scripting. An attacker is able to inject arbitrary Javascript into a victim’s browser via the titles[en]
parameter in _core/admin/pages/add/
to steal session cookies or perform unwanted actions on behalf of the user.