admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
References
| Link | Resource |
|---|---|
| https://github.com/bigtreecms/BigTree-CMS/issues/297 | Issue Tracking Patch Third Party Advisory |
| https://github.com/bigtreecms/BigTree-CMS/issues/297 | Issue Tracking Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 03:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/bigtreecms/BigTree-CMS/issues/297 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2017-06-12 06:29
Updated : 2024-11-21 03:36
NVD link : CVE-2017-9547
Mitre link : CVE-2017-9547
CVE.ORG link : CVE-2017-9547
JSON object : View
Products Affected
bigtreecms
- bigtree_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')