CVE-2023-44954

Published
View on NVD ↗
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.

Ciber-Mike/BigTree_CMS-Stored_XSS-Developer_Settings
Ciber-Mike/BigTree_CMS-Stored_XSS-Developer_Settings
BigTree CMS version 4.5.7 is affected by a Stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject malicious code into the developer settings panel, enabling them to execute stored code when accessing the /site/index.php/admin/developer/settings resource.
GitHubGitHub