2 matches found
CVE-2026-16205
A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialcharsdecode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible ...
CVE-2026-16205
In Pluck CMS up to version 4.7.21, the vulnerability affects the Albums Module (data/modules/albums/albums.admin.php) via the function htmlspecialchars_decode. Manipulating the Info argument can trigger cross-site scripting, with remote exploitation possible. Public exploit exists. The project wa...