Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:09
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Jul 2023, 13:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://medium.com/@syed.pentester/authenticated-stored-cross-site-scripting-xss-d39aab69e58f - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
CPE | cpe:2.3:a:pluck-cms:pluck:4.7.16:dev4:*:*:*:*:*:* cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:* cpe:2.3:a:pluck-cms:pluck:4.7.16:dev1:*:*:*:*:*:* cpe:2.3:a:pluck-cms:pluck:4.7.16:dev3:*:*:*:*:*:* cpe:2.3:a:pluck-cms:pluck:4.7.16:dev2:*:*:*:*:*:* |
|
First Time |
Pluck-cms pluck
Pluck-cms |
|
CWE | CWE-79 |
26 Jun 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-26 20:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-27082
Mitre link : CVE-2023-27082
CVE.ORG link : CVE-2023-27082
JSON object : View
Products Affected
pluck-cms
- pluck
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')