cvedb.io
CVE-2018-7197
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2018-02-18T03:29:00.243 · Last modified 2026-06-17T02:02:46.903

Summary

An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.

Affected products

pluck-cms — pluck

Does this affect you?

Add your gear to cvedb and we'll alert you only when pluck-cms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.