Date: Fri, 26 Jun 2015 22:30:46 +0530
From: Anirudh Anand <>
Subject: CVE Request - BigTree CMS - Stored XSS while creating a new user

Hello all,

BigTree CMS is a popular Content Management System written in PHP. While
creating a new user, the "*Name*" and "*Company*" parameters are not
properly sanitized and it leads to stored XSS.

*Date:* 25th June, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*:

*Software Link:*

*Version:* < 4.2.2

*Tested on:* Linux:- Ubuntu, Debian

The issue has been successfully reported to the vendor and they have released
an update for the same.

*References:*

*Bug Report:*

*Fix Released:*


Anirudh Anand

*"Those who Say it cannot be done, should not interrupt the people doing
