Arbitrary Code Injection through TinyMCE in Pluck CMS 4.7.2
CVE-2014-8707 · MEDIUM Severity
AV:N/AC:L/AU:S/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.
Learn more about our Web App Pen Testing.