CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-18467

Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.4%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/bigtreecms/BigTree-CMS/issues/364
https://github.com/bigtreecms/BigTree-CMS/issues/364

Products affected by CVE-2020-18467

Bigtreecms » Bigtree Cms » Version: 4.4.3

cpe:2.3:a:bigtreecms:bigtree_cms:4.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-18467

Products

Pricing

Contact Us