CVE-2018-16729

Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
References
Link Resource
https://github.com/pluck-cms/pluck/issues/63 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:pluck-cms:pluck:4.7.7:*:*:*:*:*:*:*

Information

Published : 2018-09-12 04:29

Updated : 2018-11-09 04:17


NVD link : CVE-2018-16729

Mitre link : CVE-2018-16729

Products Affected
No products.
CWE