CVE-2023-5013

Name of the Vulnerable Software and Affected Versions Pluck CMS version 4.7.18

Description A problematic issue has been identified, affecting the install.php file of the Installation Handler component. The manipulation of the contents argument with the input <script>alert('xss')</script> leads to cross-site scripting. This issue can be initiated remotely, with a rather high complexity of attack, making exploitation difficult.

Recommendations For Pluck CMS version 4.7.18, consider disabling the install.php file or restricting access to it until a patch is available. Avoid using the contents argument in the affected Installation Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.