In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/149788/BigTree-CMS-4.2.23-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry |
| https://github.com/bigtreecms/BigTree-CMS/commit/ffd668a3aa7d2f540dbcdf5751f207302519df72 | Patch, Third Party Advisory |
| https://github.com/bigtreecms/BigTree-CMS/issues/356 | Issue Tracking, Patch, Third Party Advisory |
| https://www.exploit-db.com/exploits/45628/ | Third Party Advisory, VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-16T22:00:00
Updated: 2019-04-09T19:52:52
Reserved: 2018-10-14T00:00:00
Link: CVE-2018-18308
NVD Information
Status: Analyzed
Published: 2018-10-16T22:29:01.807
Modified: 2019-04-12T19:56:27.710
Link: CVE-2018-18308
Red Hat Information
No data.
CWE