CVE-2018-10364
MEDIUMBigTree CMS < 4.2.22 - Stored Cross-Site Scripting via Users Management Page
Title source: llmDescription
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/bigtreecms/BigTree-CMS/issues/332
Patch x_refsource_misc
https://github.com/bigtreecms/BigTree-CMS/commit/b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6
Release Notes x_refsource_confirm
https://github.com/bigtreecms/BigTree-CMS#changelog
Scores
CVSS v3
5.4
EPSS
0.0083
EPSS Percentile
52.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
bigtreecms/bigtree_cms
< 4.2.22
Published
Apr 30, 2018
Tracked Since
Feb 18, 2026