CVE-2023-5013
Published on: Not Yet Published
Last Modified on: 09/20/2023 01:26:00 PM UTC
Certain versions of Pluck from Pluck-cms contain the following vulnerability:
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input <script>alert('xss')</script> leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-239854 is the identifier assigned to this vulnerability.
- CVE-2023-5013 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity. - Affected Vendor/Software: Pluck - CMS version = 4.7.18
CVSS3 Score: 5.4 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | LOW | REQUIRED |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| CHANGED | LOW | LOW | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| CVE-2023-5013: Pluck CMS Installation install.php cross site scripting | vuldb.com text/html |
MISC vuldb.com/?id.239854 |
| Login required | vuldb.com text/html Inactive LinkNot Archived |
MISC vuldb.com/?ctiid.239854 |
| No Description Provided | github.com text/html |
MISC github.com/Jacky-Y/vuls/blob/main/vul3.md |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pluck-cms | Pluck | 4.7.18 | - | All | All |
- cpe:2.3:a:pluck-cms:pluck:4.7.18:-:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE