Bigtreecms Bigtree Cms

6 matches found

CVE
added 2013/08/14 1:50 p.m. | 45 views

CVE-2013-4880

Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.

CVSS 4.3 | AI score 5.6 | EPSS 0.04522

CVE
added 2017/03/15 4:59 p.m. | 43 views

CVE-2017-6915

CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.

CVSS 4.3 | AI score 5.2 | EPSS 0.00119

CVE
added 2017/03/15 4:59 p.m. | 35 views

CVE-2017-6916

CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.

CVSS 4.3 | AI score 5.2 | EPSS 0.00119

CVE
added 2017/03/15 4:59 p.m. | 34 views

CVE-2017-6917

CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.

CVSS 4.3 | AI score 5.2 | EPSS 0.00119

CVE
added 2017/03/15 4:59 p.m. | 32 views

CVE-2017-6918

CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.

CVSS 4.3 | AI score 5.2 | EPSS 0.00119

CVE
added 2018/12/23 11:29 p.m. | 31 views

CVE-2018-20405

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -...

CVSS 4 | AI score 3.9 | EPSS 0.00258