Cross site scripting

2023-11-0123:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

bigtree cms

remote execution

developer settings

nvd

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.

CPENameOperatorVersion
bigtree_cmseq4.5.7

CPE	Name	Operator	Version
	bigtree_cms	eq	4.5.7

References

github.com/Ciber-Mike/BigTree_CMS-Stored_XSS-Developer_Settings/blob/main/README.md

www.bigtreecms.org/download/core/