Vulnerabilities > Bigtreecms > Low

DATE CVE VULNERABILITY TITLE RISK
2021-08-26 CVE-2020-18467 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.4.3
A Cross-Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
network
bigtreecms CWE-79
3.5
2021-06-01 CVE-2020-26669 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
network
bigtreecms CWE-79
3.5
2018-12-23 CVE-2018-20405 Authorization Bypass Through User-Controlled Key vulnerability in Bigtreecms Bigtree 4.3
BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error.
network
low complexity
bigtreecms CWE-639
2.7
2018-04-30 CVE-2018-10364 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.
network
bigtreecms CWE-79
3.5
2018-01-23 CVE-2018-6013 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.19
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote user to inject arbitrary web script or HTML via the directory parameter.
network
bigtreecms CWE-79
3.5
2017-06-12 CVE-2017-9546 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.
network
bigtreecms CWE-79
3.5
2017-06-12 CVE-2017-9547 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
network
bigtreecms CWE-79
3.5
2017-06-12 CVE-2017-9548 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).
network
bigtreecms CWE-79
3.5
2017-06-06 CVE-2017-9448 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter.
network
bigtreecms CWE-79
3.5
2017-02-14 CVE-2016-10223 Improper Access Control vulnerability in Bigtreecms Bigtree CMS
An issue was discovered in BigTree CMS before 4.2.15.
3.5