Yjn818

**Name of the Vulnerable Software and Affected Versions** BigTree versions prior to 4.2.19 **Description** The issue allows remote authenticated users to cause a denial of service, specifically the inability to save revisions, by injecting XSS sequences in a revision name. **Recommendations** For BigTree versions prior to 4.2.19, update to version 4.2.19 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BigTree versions through 4.2.18 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication. **Recommendations** For BigTree versions through 4.2.18, update to a version later than 4.2.18 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BigTree versions through 4.2.18 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication. **Recommendations** For BigTree versions through 4.2.18, update to a version later than 4.2.18 to resolve the issue.