CVE-2017-9448

Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in coreadminajaxpagessave-revision.php and coreadminmodulespagesrevisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.

Date published : 2017-06-06

https://github.com/bigtreecms/BigTree-CMS/issues/294