CVE-2017-9548

2017-06-12T02:29:00
ID CVE-2017-9548
Type cve
Reporter NVD
Modified 2017-06-15T11:40:21

Description

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).