CVE-2018-1000521

Name of the Vulnerable Software and Affected Versions BigTree-CMS versions prior to the version containing commit b652cfdc14d0670c81ac4401ad5a04376745c279

Description The issue allows low-privileged users to attack high-privileged users, such as developers, through a Cross Site Scripting (XSS) vulnerability. This vulnerability is located in the "/users/create" API endpoint.

Recommendations For versions prior to the one containing commit b652cfdc14d0670c81ac4401ad5a04376745c279, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the "/users/create" endpoint until a patch is available.