Medium severity5.4NVD Advisory· Published Mar 17, 2017· Updated Jun 17, 2026
CVE-2014-8707
CVE-2014-8707
Description
Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- rossmarks.uk/whitepapers/pluck_cms_4.7.txtnvdExploitThird Party Advisory
- rossmarks.uk/portfolio.phpnvdThird Party Advisory
News mentions
0No linked articles in our index yet.