Vulnerability Description
An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bigtreecms | Bigtree Cms | <= 4.2.14 |
Related Weaknesses (CWE)
References
- https://github.com/bigtreecms/BigTree-CMS/blob/master/README.mdIssue TrackingPatchRelease Notes
- https://github.com/bigtreecms/BigTree-CMS/commit/59ebef5978f80e2fdc7b4db4a28b668Issue TrackingPatchThird Party Advisory
- https://github.com/bigtreecms/BigTree-CMS/blob/master/README.mdIssue TrackingPatchRelease Notes
- https://github.com/bigtreecms/BigTree-CMS/commit/59ebef5978f80e2fdc7b4db4a28b668Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2016-10223?
CVE-2016-10223 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashb...
How severe is CVE-2016-10223?
CVE-2016-10223 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10223?
Check the references section above for vendor advisories and patch information. Affected products include: Bigtreecms Bigtree Cms.