In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
{
"cpe": "cpe:2.3:a:bigtreecms:bigtree_cms:4.2.23:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "4.2.23"
},
{
"last_affected": "4.2.23"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}