CVE-2026-31205 MEDIUM

CVE-2026-31205

Vendor N/A
Product n/a
Published May 4, 2026
Last update May 4, 2026

CVSS base score

5.7/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:H/AV:N/A:N/C:H/I:H/PR:H/S:U/UI:R

What the vulnerability does

01Description

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function

Key dates

02Disclosure timeline

May 4, 2026 CVE published
May 4, 2026 Record updated