CVE-2017-9548

2017-06-12T06:29:00
ID CVE-2017-9548
Type cve
Reporter cve@mitre.org
Modified 2017-06-15T15:40:00

Description

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).