Vulnerabilities > Bigtreecms > Bigtree CMS > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-26 | CVE-2020-18467 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.4.3 Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create. | 3.5 |
| 2021-06-01 | CVE-2020-26669 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update. | 3.5 |
| 2018-04-30 | CVE-2018-10364 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | 3.5 |
| 2018-01-23 | CVE-2018-6013 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.19 Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. | 3.5 |
| 2017-06-12 | CVE-2017-9546 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | 3.5 |
| 2017-06-12 | CVE-2017-9547 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). | 3.5 |
| 2017-06-12 | CVE-2017-9548 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | 3.5 |
| 2017-06-06 | CVE-2017-9448 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. | 3.5 |
| 2017-02-14 | CVE-2016-10223 | Improper Access Control vulnerability in Bigtreecms Bigtree CMS An issue was discovered in BigTree CMS before 4.2.15. | 3.5 |