Description
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2017-18381 | Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users. |
References
| Link | Providers |
|---|---|
| https://github.com/bigtreecms/BigTree-CMS/issues/294 |
|
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T23:02:10.782Z
Reserved: 2017-06-06T00:00:00.000Z
Link: CVE-2017-9448
No data.
Status : Modified
Published: 2017-06-06T15:29:00.183
Modified: 2026-06-17T01:28:07.510
Link: CVE-2017-9448
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD