
Description

Cross-site scripting (XSS) vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via editpage.php and the sanitizePageContent function.

PUBLISHED Reserved 2026-03-09 | Published 2026-05-04 | Updated 2026-05-04 | Assigner mitre




MEDIUM: 5.7 | CVSS:3.1/AC:H/AV:N/A:N/C:H/I:H/PR:H/S:U/UI:R

References

medium.com/...6-31205-3b0526743e1d?postPublishedType=initial exploit

github.com/...cms/pluck/blob/main/data/inc/functions.all.php

github.com/pluck-cms/pluck/blob/main/data/inc/editpage.php

github.com/pluck-cms/pluck/issues/141

medium.com/...6-31205-3b0526743e1d?postPublishedType=initial

cve.org (CVE-2026-31205)

nvd.nist.gov (CVE-2026-31205)
