CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function
Configurations

No configuration.

History

04 May 2026, 15:16

Type Values Removed Values Added
CWE CWE-79
References () https://medium.com/@nakah_/pluck-cms-stored-xss-in-page-editor-cve-2026-31205-3b0526743e1d?postPublishedType=initialĀ - () https://medium.com/@nakah_/pluck-cms-stored-xss-in-page-editor-cve-2026-31205-3b0526743e1d?postPublishedType=initialĀ -

04 May 2026, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-04 14:16

Updated : 2026-06-17 10:33


NVD link : CVE-2026-31205

Mitre link : CVE-2026-31205

CVE.ORG link : CVE-2026-31205


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')