Arbitrary Code Injection through TinyMCE in Pluck CMS 4.7.2

CVE-2014-8707 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.

Learn more about our Web App Pen Testing.