CVE-2023-44954
- Source
- https://cve.org/CVERecord?id=CVE-2023-44954
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44954.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-44954
- Published
- 2023-11-01T23:15:07.900Z
- Modified
- 2025-11-15T06:54:13.596553Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.
- References
Affected packages
Git / github.com/bigtreecms/bigtree-cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bigtreecms/bigtree-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0RC2
4.0b7
4.0beta2
4.0beta4
4.0beta5
4.0beta6
4.0rc1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.16
4.2.17
4.2.18
4.2.19
4.2.2
4.2.20
4.2.21
4.2.22
4.2.23
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3
4.3.1
4.3.2
4.3.4
4.4
4.4.1
4.4.10
4.4.11
4.4.12
4.4.14
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.5
4.5.1
4.5.2
4.5.3
4.5.5
4.5.6
4.5.7
Other
RC2
v4.*
v4.0b1
v4.0b3