Pluck cross-site scripting vulnerability (CNVD-2018-25042)
Pluck is a simple content management system CMS written in PHP. A cross-site scripting vulnerability exists in Pluck version 4.7.7. A remote attacker can exploit this vulnerability by sending the 'title' field to the admin.php?action=editpage&page=14253123 URL to execute malicious script...