CVE-2018-10183

Name of the Vulnerable Software and Affected Versions: BigTree version 4.2.22

Description: The issue is related to cross-site scripting (XSS) in the /core/inc/lib/less.php/test/index.php file. This occurs due to the echo of the $ SERVER['REQUEST URI'] variable. The vulnerability can be demonstrated by manipulating the dir parameter in a file=charsets action.

Recommendations: For BigTree version 4.2.22, consider restricting access to the vulnerable /core/inc/lib/less.php/test/index.php file until a patch is available. As a temporary workaround, avoid using the dir parameter in the file=charsets action to minimize the risk of exploitation.