Filtered by vendor Pluck-cms
Subscribe
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8708 | 1 Pluck-cms | 1 Pluck | 2017-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. | |||||
| CVE-2014-8707 | 1 Pluck-cms | 1 Pluck | 2017-03-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | |||||
| CVE-2012-1227 | 1 Pluck-cms | 1 Pluck | 2012-02-24 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. | |||||