Lucene search
K

9 matches found

NVD
NVD
added 2018/12/04 4:29 p.m.18 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

8.8CVSS8.8AI score0.00523EPSS
Exploits1References1
Prion
Prion
added 2018/12/04 4:29 p.m.18 views

Cross site request forgery (csrf)

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

6.8CVSS8.7AI score0.00523EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/04 4:29 p.m.16 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

5.4CVSS5.3AI score0.0057EPSS
Exploits1References1
OSV
OSV
added 2018/12/04 4:29 p.m.16 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

8.8CVSS7AI score0.00523EPSS
Exploits1References1
Prion
Prion
added 2018/12/04 4:29 p.m.12 views

Design/Logic Flaw

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

3.5CVSS5.2AI score0.0057EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/04 4:29 p.m.17 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

5.4CVSS5.8AI score0.0057EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/04 4:0 p.m.20 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

8.8AI score0.00523EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/04 4:0 p.m.24 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

5.3AI score0.0057EPSS
Exploits1References1
CVE
CVE
added 2018/12/04 4:0 p.m.38 views

CVE-2018-16633

Pluck v4.7.7 contains a cross-site scripting (XSS) vulnerability that can be triggered via the page title when editing a page (admin.php?action=editpage&page=...). The underlying issue is a lack of proper sanitization/escaping for the title parameter, enabling injection of malicious scripts. The ...

5.4CVSS5.2AI score0.0057EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder