An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the “id” HTTP GET parameter passed to the “core/admin/adjax/dashboard/check-module-integrity.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CPE

Name | Operator | Version
---|---|---
bigtree-cms | eq | 4.2.8
bigtree-cms | eq | 4.0b7
bigtree-cms | eq | 4.1.3
bigtree-cms | eq | 4.0beta5
bigtree-cms | eq | 4.2.2
bigtree-cms | eq | 4.2.10
bigtree-cms | eq | 4.0.3
bigtree-cms | eq | 4.0beta4
bigtree-cms | eq | 4.2.11
bigtree-cms | eq | 4.0b1