CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9441

Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

Products affected by CVE-2017-9441

Bigtreecms » Bigtree Cms » Version: 4.0

cpe:2.3:a:bigtreecms:bigtree_cms:4.0
Bigtreecms » Bigtree Cms » Version: 4.0.1

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.1
Bigtreecms » Bigtree Cms » Version: 4.0.10

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.10
Bigtreecms » Bigtree Cms » Version: 4.0.11

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.11
Bigtreecms » Bigtree Cms » Version: 4.0.12

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.12
Bigtreecms » Bigtree Cms » Version: 4.0.13

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.13
Bigtreecms » Bigtree Cms » Version: 4.0.2

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.2
Bigtreecms » Bigtree Cms » Version: 4.0.3

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.3
Bigtreecms » Bigtree Cms » Version: 4.0.4

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.4
Bigtreecms » Bigtree Cms » Version: 4.0.5

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.5
Bigtreecms » Bigtree Cms » Version: 4.0.6

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.6
Bigtreecms » Bigtree Cms » Version: 4.0.7

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.7
Bigtreecms » Bigtree Cms » Version: 4.0.8

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.8
Bigtreecms » Bigtree Cms » Version: 4.0.9

cpe:2.3:a:bigtreecms:bigtree_cms:4.0.9
Bigtreecms » Bigtree Cms » Version: 4.1

cpe:2.3:a:bigtreecms:bigtree_cms:4.1
Bigtreecms » Bigtree Cms » Version: 4.1.1

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.1
Bigtreecms » Bigtree Cms » Version: 4.1.10

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.10
Bigtreecms » Bigtree Cms » Version: 4.1.12

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.12
Bigtreecms » Bigtree Cms » Version: 4.1.13

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.13
Bigtreecms » Bigtree Cms » Version: 4.1.14

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.14
Bigtreecms » Bigtree Cms » Version: 4.1.15

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.15
Bigtreecms » Bigtree Cms » Version: 4.1.16

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.16
Bigtreecms » Bigtree Cms » Version: 4.1.17

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.17
Bigtreecms » Bigtree Cms » Version: 4.1.18

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.18
Bigtreecms » Bigtree Cms » Version: 4.1.2

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.2
Bigtreecms » Bigtree Cms » Version: 4.1.3

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.3
Bigtreecms » Bigtree Cms » Version: 4.1.4

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.4
Bigtreecms » Bigtree Cms » Version: 4.1.5

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.5
Bigtreecms » Bigtree Cms » Version: 4.1.6

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.6
Bigtreecms » Bigtree Cms » Version: 4.1.8

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.8
Bigtreecms » Bigtree Cms » Version: 4.1.9

cpe:2.3:a:bigtreecms:bigtree_cms:4.1.9
Bigtreecms » Bigtree Cms » Version: 4.2

cpe:2.3:a:bigtreecms:bigtree_cms:4.2
Bigtreecms » Bigtree Cms » Version: 4.2.1

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.1
Bigtreecms » Bigtree Cms » Version: 4.2.10

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.10
Bigtreecms » Bigtree Cms » Version: 4.2.11

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.11
Bigtreecms » Bigtree Cms » Version: 4.2.12

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.12
Bigtreecms » Bigtree Cms » Version: 4.2.13

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.13
Bigtreecms » Bigtree Cms » Version: 4.2.14

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.14
Bigtreecms » Bigtree Cms » Version: 4.2.15

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.15
Bigtreecms » Bigtree Cms » Version: 4.2.16

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.16
Bigtreecms » Bigtree Cms » Version: 4.2.17

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.17
Bigtreecms » Bigtree Cms » Version: 4.2.18

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.18
Bigtreecms » Bigtree Cms » Version: 4.2.2

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.2
Bigtreecms » Bigtree Cms » Version: 4.2.3

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.3
Bigtreecms » Bigtree Cms » Version: 4.2.4

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.4
Bigtreecms » Bigtree Cms » Version: 4.2.5

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.5
Bigtreecms » Bigtree Cms » Version: 4.2.6

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.6
Bigtreecms » Bigtree Cms » Version: 4.2.7

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.7
Bigtreecms » Bigtree Cms » Version: 4.2.8

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.8
Bigtreecms » Bigtree Cms » Version: 4.2.9

cpe:2.3:a:bigtreecms:bigtree_cms:4.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9441

Products

Pricing

Contact Us