2 matches found
CVE-2018-18308
BigTree CMS 4.2.23 contains a Stored XSS vulnerability in the image-upload path /admin/ajax/file-browser/upload/. The issue arises in the image upload handling, allowing an attacker to inject arbitrary web script/HTML via the upload mechanism. Public references (Exploit-DB, CNVD, CNVD-like entrie...
BigTree CMS 4.2.23 Cross Site Scripting
Exploit Title: BigTree CMS 4.2.23 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.bigtreecms.org/ Software Link : https://github.com/bigtreecms/BigTree-CMS/ Software : BigTree CMS Version : 4.2.23 Vulernability Type : Cross-site Scripting...