Lucene search

[email protected]NVD:CVE-2017-9547

HistoryJun 12, 2017 - 6:29 a.m.

CVE-2017-9547

2017-06-1206:29:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

28.6%

JSON

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).

Affected configurations

Nvd

Node

bigtreecmsbigtree_cmsRange≤4.2.18

VendorProductVersionCPE
bigtreecmsbigtree_cms*cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bigtreecms	bigtree_cms	*	cpe:2.3:a:bigtreecms:bigtree_cms::::::::

References

github.com/bigtreecms/BigTree-CMS/issues/297

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

28.6%

JSON

Related for NVD:CVE-2017-9547

osv1 cve1 prion1 cvelist1 openvas1