Pluck SiteLife software contains multiple XSS vulnerabilities.
According to DemandMedia's website Pluck SiteLife software is an integrated community platform architected for brands. Pluck SiteLife software contains multiple cross site scripting (XSS) vulnerabilities.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An attacker with access to the Pluck SiteLife software can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
Apply an Update
Thanks to Phil Purviance for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2012-04-10|
|Date Last Updated:||2012-04-12 15:11 UTC|