CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-27082

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.8%

CVSS Severity

CVSS v3 Score 4.8

References

https://medium.com/%40syed.pentester/authenticated-stored-cross-site-scripting-xss-d39aab69e58f
https://medium.com/%40syed.pentester/authenticated-stored-cross-site-scripting-xss-d39aab69e58f

Products affected by CVE-2023-27082

Pluck-Cms » Pluck » Version: 4.7.15

cpe:2.3:a:pluck-cms:pluck:4.7.15
Pluck-Cms » Pluck » Version: 4.7.16

cpe:2.3:a:pluck-cms:pluck:4.7.16

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27082

Products

Pricing

Contact Us