Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6916 | 1 Bigtreecms | 1 Bigtree Cms | 2017-03-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed. | |||||
| CVE-2017-6917 | 1 Bigtreecms | 1 Bigtree Cms | 2017-03-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed. | |||||
| CVE-2016-10223 | 1 Bigtreecms | 1 Bigtree Cms | 2017-02-16 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2013-5313 | 1 Bigtreecms | 1 Bigtree Cms | 2013-08-20 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action. | |||||