9 matches found
CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings...
Cross site request forgery (csrf)
Pluck v4.7.7 allows CSRF via admin.php?action=settings...
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...
CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings...
Design/Logic Flaw
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...
CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings...
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...
CVE-2018-16633
Pluck v4.7.7 contains a cross-site scripting (XSS) vulnerability that can be triggered via the page title when editing a page (admin.php?action=editpage&page=...). The underlying issue is a lack of proper sanitization/escaping for the title parameter, enabling injection of malicious scripts. The ...