Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Moderate
CVE-2021-38603
Disclosure Date: August 12, 2021 (last updated February 23, 2025)
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
1
Attacker Value
Unknown
CVE-2022-25020
Disclosure Date: March 01, 2022 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
0
Attacker Value
Unknown
CVE-2022-25018
Disclosure Date: March 01, 2022 (last updated February 23, 2025)
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
0
Attacker Value
Unknown
CVE-2022-24587
Disclosure Date: February 15, 2022 (last updated February 23, 2025)
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
0
Attacker Value
Unknown
CVE-2022-24585
Disclosure Date: February 15, 2022 (last updated February 23, 2025)
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
0
Attacker Value
Unknown
CVE-2022-24586
Disclosure Date: February 15, 2022 (last updated February 23, 2025)
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
0
Attacker Value
Unknown
CVE-2021-38602
Disclosure Date: August 12, 2021 (last updated February 23, 2025)
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
0
