VYPR
Unrated severityNVD Advisory· Published Jun 26, 2023· Updated Dec 4, 2024

CVE-2023-27082

CVE-2023-27082

Description

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.

Affected products

2
  • Pluck CMS/Pluck CMSdescription
  • Havalite/CMSllm-fuzzy
    Range: >=4.7.15, <=4.7.16-dev4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.