Описание
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.18 (включая)
cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.0014
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
EPSS
Процентиль: 34%
0.0014
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79