VYPR
Medium severity 5.4 · NVD Advisory · Published Jun 12, 2017 · Updated Jun 17, 2026

CVE-2017-9547

Description

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).

Affected products

2
  • cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:* (range: <=4.2.18)
  • (no CPE) (range: <=4.2.18)
