Authenticated Stored XSS in Pluck CMS

Authenticated Stored XSS in Pluck CMS

CVE-2018-11330 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.

Learn more about our Web Application Penetration Testing UK.