2017-06-06 15:00:00
mitre
PUBLISHED
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in coreadminajaxpagessave-revision.php and coreadminmodulespagesrevisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.