A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input alert('xss') leads to cross site scripting. The attack...
5.4CVSS
5.2AI Score
0.001EPSS
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its βalbumsβ module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization...
7.2CVSS
7.4AI Score
0.001EPSS