Ciber-Mike/BigTree_CMS-Stored_XSS-Developer_Settings

Releases0

BigTree CMS version 4.5.7 is affected by a Stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject malicious code into the developer settings panel, enabling them to execute stored code when accessing the /site/index.php/admin/developer/settings resource.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-44954 ↗	Nov 1, 2023Wednesday, 1 November 2023, 23:15	5.4 MEDIUM	—
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.