CVE-2023-44954
Summary
A cross-site scripting (XSS) vulnerability has been identified in BigTree CMS version 4.5.7. A remote attacker can exploit this flaw to execute arbitrary code by manipulating the 'ID' parameter within the Developer Settings functions.
IFF Assessment
FOE
This vulnerability allows for arbitrary code execution, posing a direct threat to system integrity and data security for users of the affected CMS.
Severity
5.4
Medium
Defender Context
This XSS vulnerability in BigTree CMS requires immediate attention for organizations using version 4.5.7. Defenders should prioritize patching or upgrading the CMS to mitigate the risk of code execution. Monitoring for suspicious activity targeting Developer Settings functions is also advised.