Authenticated Stored XSS in Pluck CMS
CVE-2018-11330 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
Learn more about our Web Application Penetration Testing UK.