CVE-2016-10223

Name of the Vulnerable Software and Affected Versions BigTree CMS versions prior to 4.2.15

Description The issue is caused by insufficient filtration of user-supplied data in the id HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For BigTree CMS versions prior to 4.2.15, update to version 4.2.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the "core/admin/adjax/dashboard/check-module-integrity.php" API endpoint to minimize the risk of exploitation. Avoid using the id parameter in this endpoint until the issue is resolved.