PatchSiren

Bigtreecms CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM · Bigtreecms CVE · published 2017-02-14

CVE-2016-10223

CVE-2016-10223 affects BigTree CMS before 4.2.15 (through 4.2.14). The issue is in the core/admin/adjax/dashboard/check-module-integrity.php endpoint, where user-supplied data in the id HTTP GET parameter was not sufficiently filtered. According to the published description, an attacker could cause arbitrary HTML and script to execute in a browser in the context of the vulnerable website. NVD records this [truncated]