Vulnerability Details CVE-2018-7197
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2018-7197
-
cpe:2.3:a:pluck-cms:pluck:4.3
-
cpe:2.3:a:pluck-cms:pluck:4.5.1
-
cpe:2.3:a:pluck-cms:pluck:4.5.2
-
cpe:2.3:a:pluck-cms:pluck:4.5.3
-
cpe:2.3:a:pluck-cms:pluck:4.6.1
-
cpe:2.3:a:pluck-cms:pluck:4.6.2
-
cpe:2.3:a:pluck-cms:pluck:4.7
-
cpe:2.3:a:pluck-cms:pluck:4.7.2
-
cpe:2.3:a:pluck-cms:pluck:4.7.3
-
cpe:2.3:a:pluck-cms:pluck:4.7.4