CVE-2020-18467
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-18467
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-18467.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-18467
- Published
- 2021-08-26T18:15:07Z
- Modified
- 2025-01-14T08:36:07.496086Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
- References
Affected packages
Git / github.com/bigtreecms/bigtree-cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bigtreecms/bigtree-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0RC2
4.0b7
4.0beta2
4.0beta4
4.0beta5
4.0beta6
4.0rc1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.16
4.2.17
4.2.18
4.2.19
4.2.2
4.2.20
4.2.21
4.2.22
4.2.23
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3
4.3.1
4.3.2
4.3.4
4.4
4.4.1
4.4.2
4.4.3
Other
RC2
v4.*
v4.0b1
v4.0b3