CVE-2017-9547

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
References
Link Resource
https://github.com/bigtreecms/BigTree-CMS/issues/297 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-12 06:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-9547

Mitre link : CVE-2017-9547

CVE.ORG link : CVE-2017-9547


JSON object : View

Products Affected

bigtreecms

  • bigtree_cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')