Cross Site Scripting Vulnerability in Pluck CMS by Pluck
CVE-2023-27082

4.8MEDIUM

Key Information:

Vendor: Pluck-cms
Status: Pluck
Vendor: CVE Published:; 26 June 2023

What is CVE-2023-27082?

A Cross Site Scripting (XSS) vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev4, specifically in the /admin.php file. This flaw allows remote attackers to upload maliciously crafted HTML files, potentially enabling them to execute arbitrary code in the context of the user's session. This type of vulnerability can lead to significant security breaches, including data theft and unauthorized access to sensitive areas of the application.

References

https://medium.com/%40syed.pentester/authenticated-stored...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
Feb 27, 2023

Pluck-cms

What is CVE-2023-27082?

References

CVSS V3.1

Timeline