
20 matches found

NVD
added 2026/05/04 2:16 p.m. | 5 views

CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

CVSS 5.7 | EPSS 0.00047
Exploits: 0 | References: 4
CVE
added 2026/05/04 12:0 a.m. | 3 views

CVE-2026-31205

CVE-2026-31205 describes a stored cross‑site scripting vulnerability in Pluck CMS prior to 4.7.21dev. The issue allows a remote attacker to escalate privileges via the editpage.php flow and the sanitizePageContent function. The description does not specify affected versions beyond the 4.7.21dev l...

CVSS 5.7 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/04 12:0 a.m. | 3 views

PT-2026-36805

Name of the Vulnerable Software and Affected Versions Pluck CMS versions prior to 4.7.21dev Description A Cross Site Scripting issue allows a remote attacker to escalate privileges. This occurs through the 'editpage.php' endpoint and the sanitizePageContent function. Recommendations Update to...

CVSS 5.7 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 8
ATTACKERKB
added 2026/05/04 12:0 a.m. | 0 views

CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

CVSS 5.7 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/01 8:48 p.m. | 3 views

CVE-2026-7501

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 5.1 | AI score 4.2 | EPSS 0.00013
Exploits: 0 | References: 1
CNNVD
added 2026/04/30 12:0 a.m. | 4 views

LinkStack cross-site scripting vulnerability

LinkStack is a unique platform developed by LinkStack OpenSource, offering efficient solutions for managing and sharing links online. Versions of LinkStack 4.8.6 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the operation of the editPage function in t...

CVSS 5.1 | AI score 5.6 | EPSS 0.00013
Exploits: 0 | References: 1
NVD
added 2026/03/23 8:16 p.m. | 2 views

CVE-2024-46878

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

CVSS 5.4 | EPSS 0.00039
Exploits: 1 | References: 3
Cvelist
added 2026/03/23 12:0 a.m. | 21 views

CVE-2024-46878

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

EPSS 0.00039
Exploits: 1 | References: 3
CVE
added 2026/03/23 12:0 a.m. | 3 views

CVE-2024-46878

CVE-2024-46878 affects Tiki CMS before or equal to version 26.3. The vulnerability is a Cross-Site Scripting (XSS) in the page parameter of tiki-editpage.php, allowing an attacker to inject arbitrary JavaScript via a crafted payload. This can lead to access to sensitive information or unauthorize...

CVSS 5.4 | AI score 6.1 | EPSS 0.00039
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2026/03/23 12:0 a.m. | 3 views

Tiki security vulnerability

Tiki is a set of open-source content management and portal applications developed by the Tiki community. It can be used to create web applications, portals, intranets, extranets, etc. Versions of Tiki prior to 26.3 contained a security vulnerability, which was caused by insufficient parameter...

CVSS 5.4 | AI score 5.6 | EPSS 0.00039
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/23 12:0 a.m. | 0 views

CVE-2024-46878

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

AI score 6.1 | EPSS 0.00039
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/23 12:0 a.m. | 2 views

PT-2026-27195

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

AI score 6.1 | EPSS 0.00039
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/23 12:0 a.m. | 1 view

CVE-2024-46878

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

AI score 6.1 | EPSS 0.00039
Exploits: 1 | References: 4
NVD
added 2021/05/18 4:15 p.m. | 6 views

CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...

CVSS 4.3 | EPSS 0.00117
Exploits: 1 | References: 1
OSV
added 2021/05/18 4:15 p.m. | 8 views

CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...

CVSS 4.3 | AI score 6.8
Exploits: 0 | References: 1
Prion
added 2021/05/18 4:15 p.m. | 10 views

Cross site request forgery (csrf)

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...

CVSS 4.3 | AI score 4.7 | EPSS 0.00117
Exploits: 1 | References: 1 | Affected Software: 1
CNVD
added 2018/12/05 12:0 a.m. | 2 views

Pluck cross-site scripting vulnerability (CNVD-2018-25042)

Pluck is a simple content management system CMS written in PHP. A cross-site scripting vulnerability exists in Pluck version 4.7.7. A remote attacker can exploit this vulnerability by sending the 'title' field to the admin.php?action=editpage&page=14253123 URL to execute malicious script...

CVSS 5.4 | AI score 5.4 | EPSS 0.00206
Exploits: 1 | References: 1
Prion
added 2018/12/04 4:29 p.m. | 11 views

Design/Logic Flaw

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

CVSS 3.5 | AI score 5.2 | EPSS 0.00206
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2012/02/21 1:31 p.m. | 9 views

CVE-2012-1227

Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...

CVSS 6.8 | AI score 7.2 | EPSS 0.00132
Exploits: 1 | References: 3
UbuntuCve
added 2011/12/29 11:55 a.m. | 12 views

CVE-2011-5025

Multiple cross-site scripting XSS vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via 1 the tag parameter to editTag.yaws, 2 the index parameter to showOldPage.yaws, 3 the node parameter to allRefsToMe.yaws, or 4 the text paramete...

CVSS 4.3 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 2