Miguel Ángel Ruiz

**Name of the Vulnerable Software and Affected Versions** BigTree CMS version 4.5.7 **Description** The issue allows a remote attacker to execute arbitrary code via the `ID` parameter in the Developer Settings functions. This is a Cross Site Scripting vulnerability. **Recommendations** For BigTree CMS version 4.5.7, consider disabling the Developer Settings functions until a patch is available. Avoid using the `ID` parameter in the affected functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.