Advisory by Netsparker  
Name: Cross-Site Scripting Vulnerability in BigtreeCMS  
Affected Software: BigtreeCMS  
Affected Versions: 4.4.11  
Vendor Homepage:  
Vulnerability Type: Cross-Site Scripting  
Severity: Important  
Status: Fixed  
CVE-ID: CVE-2020-995566  
CVSS Score (3.0): 7.4 (High)  
Netsparker Advisory Reference: NS-20-004  
Technical Details  
URL: http://mylocalhost/site/index.php/admin/js/embeddable-form.js?hash=&id=  
Parameter Name: id  
Parameter Type: GET  
Attack Pattern: '"--></style></scRipt><scRipt>alert(2)</scRipt  
Note: This vulnerability is reproducible at Internet Explorer due to mime  
type sniffing.  
For more information on cross-site scripting vulnerabilities read the  
article Cross-site Scripting (XSS).  
For more information: