exploitDog

CVE-2018-1000521

Опубликовано: 26 июн. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279.

Ссылки

https://github.com/bigtreecms/BigTree-CMS/issues/328
Exploit
Third Party Advisory
https://github.com/bigtreecms/BigTree-CMS/issues/328
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.21:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xp45-33wm-mg9r

CVSS3: 6.1

github

больше 3 лет назад

BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79