HomePentest-Tools.com Logo

BigTree CMS < 4.4.4 XSS Vulnerability (Aug 2021) CVE-2020-18467

Severity
CVSSv3 Score
5.4
Vulnerability description

BigTree CMS is prone to a cross-site scripting (XSS) vulnerability.

Risk description

A cross-site scripting (XSS) vulnerability exists in BigTree-CMS in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.

Recommendation

Update to version 4.4.4 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 26, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available