| Titel | Stored Cross Site Scripting (XSS) exists in PluckCMS 4.7.18 |
|---|
| Beschreibung | The affected component is PluckCMS 4.7.18.
The environment can be downloaded at https://github.com/pluck-cms/pluck.
The Stored XSS is found in the installation of PluckCMS.
In the step 3 of installation, enter <script>alert('xss')</script> in the content and click save.
Go to the website and a prompt contains"xss" will show.
Stored XSS can cause Cookie leakage, damage the normal structure and style of the page, and redirect access to malicious websites. |
|---|
| Quelle | ⚠️ https://github.com/Jacky-Y/vuls/blob/main/vul3.md |
|---|
| Benutzer | JackYu (UID 52658) |
|---|
| Einreichung | 06.09.2023 04:13 (vor 3 Jahren) |
|---|
| Moderieren | 16.09.2023 08:35 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 239854 [Pluck CMS 4.7.18 Installation install.php contents Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|