Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
XSS
PHP
Bigtree Cms
NVD
GitHub
CVSS 3.1
2.7
EPSS
0.2%