5.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.8%
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
github.com/pluck-cms/pluck/issues/47