Bigtreecms Bigtree Cms vulnerabilities
44 known vulnerabilities affecting bigtreecms/bigtree_cms.
Total CVEs: 44
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 16, MEDIUM 24, LOW 1
Vulnerabilities
Page 3 of 3
CVE-2017-6917 | P4 | MEDIUM | CWE-352 | CVSS 4.3 | v4.2.16 | 2017-03-15
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.
nvd
CVE-2017-6918 | P4 | MEDIUM | CWE-352 | CVSS 4.3 | v4.2.16 | 2017-03-15
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
nvd
CVE-2017-6915 | P4 | MEDIUM | CWE-352 | CVSS 4.3 | v4.1.8 | 2017-03-15
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.
nvd
CVE-2017-9441 | P4 | LOW | CWE-79 | CVSS 2.7 | ≤ 4.2.18 | 2017-06-05
Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\
nvd