Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pluck 多个 跨站脚本攻击漏洞
Vulnerability Description
Pluck是一套网站管理系统。 Pluck 4.5.2版本存在多个跨站脚本攻击漏洞。 当register_globals被激活时,远程攻击者可利用此漏洞(ata/inc/footer.php的lang_footer参数;data/inc/header.php的 pluck_version、 lang_install22、titelkop、lang_kop1、lang_kop2、lang_modules、 lang_kop4、lang_kop15、lang_kop5及titelkop参数;data/inc/
CVSS Information
N/A
Vulnerability Type
N/A