CVE-2020-18467

Name of the Vulnerable Software and Affected Versions: BigTree-CMS version 4.4.3

Description: A Cross Site Scripting (XSS) issue exists in the tag name field found in the Tags page under the General menu. This can be exploited via a crafted website name by doing an authenticated POST HTTP request to the "admin/tags/create" endpoint.

Recommendations: For BigTree-CMS version 4.4.3, as a temporary workaround, consider restricting access to the tag name field in the Tags page until a patch is available. Avoid using the tag name field in the affected "admin/tags/create" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.