Vulnerability Note VU#400619
Pluck SiteLife software multiple XSS vulnerabilities
Pluck SiteLife software contains multiple XSS vulnerabilities.
According to DemandMedia's website Pluck SiteLife software is an integrated community platform architected for brands. Pluck SiteLife software contains multiple cross site scripting (XSS) vulnerabilities.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An attacker with access to the Pluck SiteLife software can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Pluck||Affected||03 Jan 2012||03 Apr 2012|
CVSS Metrics (Learn More)
Thanks to Phil Purviance for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-0253
- Date Public: 10 Apr 2012
- Date First Published: 10 Apr 2012
- Date Last Updated: 12 Apr 2012
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.