Filtered by vendor Pluck-cms
Subscriptions
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8706 | 1 Pluck-cms | 1 Pluck | 2017-03-28 | N/A |
| Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | ||||
| CVE-2014-8708 | 1 Pluck-cms | 1 Pluck | 2017-03-20 | N/A |
| Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. | ||||
| CVE-2014-8707 | 1 Pluck-cms | 1 Pluck | 2017-03-20 | N/A |
| Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | ||||