Enviar #857798: pluck pluck-cms <= 4.7.21 dev Improper Neutralization of Alternate XSS Syntaxinformación

Títulopluck pluck-cms <= 4.7.21 dev Improper Neutralization of Alternate XSS Syntax
DescripciónPluck CMS <= 4.7.21 dev contains a stored cross site scripting vulnerability in the albums module. User-controlled data entered in the image description field is stored and later rendered on the frontend album page using htmlspecialchars_decode() without proper output encoding. This allows an authenticated administrator to inject arbitrary JavaScript that executes in the browser of users visiting the affected album page.
Fuente⚠️ https://github.com/pluck-cms/pluck/issues/145
Usuario
 kr1s (UID 98570)
Sumisión2026-06-13 08:47 (hace 1 mes)
Moderación2026-07-18 09:38 (1 month later)
EstadoAceptado
Entrada de VulDB380021 [Pluck CMS hasta 4.7.21 Albums albums.admin.php htmlspecialchars_decode Información secuencias de comandos en sitios cruzados]
Puntos20

Do you need the next level of professionalism?

Upgrade your account now!