Описание
Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pluck-cms:pluck:4.7.2:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.0016
Низкий
5.4 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.
EPSS
Процентиль: 37%
0.0016
Низкий
5.4 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-79