CVE-2026-16205 | Pluck CMS up to 4.7.21 Albums albums.admin.php htmlspecialchars_decode Info cross site scripting (Issue 145)
A vulnerability was found in Pluck CMS up to 4.7.21 and classified as problematic. This vulnerability affects the function htmlspecialchars_decode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting.
This vulnerability is registered as CVE-2026-16205. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More