CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

Prion•added 2018/12/04 4:29 p.m.•11 views

Design/Logic Flaw

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

3.5CVSS5.2AI score0.00206EPSS

Exploits1References1Affected Software1

OSV•added 2018/12/04 4:29 p.m.•10 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

5.4CVSS5.8AI score0.00206EPSS

Exploits1References1

Prion•added 2018/12/04 4:29 p.m.•14 views

Cross site request forgery (csrf)

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

6.8CVSS8.7AI score0.00141EPSS

Exploits1References1Affected Software1

NVD•added 2018/12/04 4:29 p.m.•7 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

5.4CVSS5.3AI score0.00206EPSS

Exploits1References1

NVD•added 2018/12/04 4:29 p.m.•13 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

8.8CVSS8.8AI score0.00141EPSS

Exploits1References1

OSV•added 2018/12/04 4:29 p.m.•12 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

8.8CVSS7AI score0.00141EPSS

Exploits1References1

CVE•added 2018/12/04 4:0 p.m.•40 views

CVE-2018-16634

The vulnerability CVE-2018-16634 affects the Pluck CMS v4.7.7. A Cross-Site Request Forgery (CSRF) exists that allows an attacker to perform unauthorized actions via admin.php?action=settings, such as changing site name and email parameters. This is documented in CNVD-2018-25041 (Pluck CSRF vulne...

8.8CVSS8.7AI score0.00141EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/12/04 4:0 p.m.•12 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...

5.3AI score0.00206EPSS

Exploits1References1

Cvelist•added 2018/12/04 4:0 p.m.•12 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings...

8.8AI score0.00141EPSS

Exploits1References1

CVE•added 2018/12/04 4:0 p.m.•33 views

CVE-2018-16633

Pluck v4.7.7 contains a cross-site scripting (XSS) vulnerability that can be triggered via the page title when editing a page (admin.php?action=editpage&page=...). The underlying issue is a lack of proper sanitization/escaping for the title parameter, enabling injection of malicious scripts. The ...

5.4CVSS5.2AI score0.00206EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by