Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Fri, 26 Jun 2015 22:30:46 +0530
From: Anirudh Anand <>
Subject: CVE Request - BigTree CMS - Stored XSS while creating a new user

Hello all,

BigTree CMS is a popular Content Management System written in PHP. While
creating a new user, the "*Name*" and "*Company*" parameters are not
properly sanitized and it leads to stored XSS.

*Date:* 25th June, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*:

*Software Link:*

*Version:* < 4.2.2

*Tested on:* Linux:- Ubuntu, Debian

The issue has been successfully reported to the vendor and they have released
an update for the same.

*References:*

*Bug Report:*

*Fix Released:*


Anirudh Anand

*"Those who Say it cannot be done, should not interrupt the people doing
