Pluck SiteLife software contains multiple XSS vulnerabilities.
According to DemandMedia's website, Pluck SiteLife software is an integrated community platform architected for brands. Pluck SiteLife software contains multiple cross-site scripting (XSS) vulnerabilities.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An attacker with access to the Pluck SiteLife software can conduct a cross-site scripting attack, which could result in information leakage, privilege escalation, and/or denial of service.
Apply an Update
Notified: January 03, 2012 Updated: April 03, 2012
DemandMedia has stated that all affected customers have already been notified via email regarding the new release, and that changelog documentation is available for customers who log in to the Pluck Connect portal.
We are not aware of further vendor information regarding this vulnerability.
Thanks to Phil Purviance for reporting this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2012-04-10
Date Last Updated: 2012-04-12 15:11 UTC