Vulnerabilities > Pluxml

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2024-22636 Unspecified vulnerability in Pluxml 5.8.9
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature.
network
low complexity
pluxml
8.8
2022-03-01 CVE-2022-25018 Code Injection vulnerability in Pluxml 5.8.7
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
network
low complexity
pluxml CWE-94
8.8
2022-03-01 CVE-2022-25020 Cross-site Scripting vulnerability in Pluxml 5.8.7
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
network
low complexity
pluxml CWE-79
5.4
2022-02-15 CVE-2022-24585 Cross-site Scripting vulnerability in Pluxml 5.8.7
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
network
low complexity
pluxml CWE-79
5.4
2022-02-15 CVE-2022-24587 Cross-site Scripting vulnerability in Pluxml 5.8.7
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
network
low complexity
pluxml CWE-79
5.4
2022-02-15 CVE-2022-24586 Cross-site Scripting vulnerability in Pluxml 5.8.7
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
network
low complexity
pluxml CWE-79
5.4
2021-08-12 CVE-2021-38602 Cross-site Scripting vulnerability in Pluxml 5.8.7
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
network
low complexity
pluxml CWE-79
4.8
2021-08-12 CVE-2021-38603 Cross-site Scripting vulnerability in Pluxml 5.8.7
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
network
low complexity
pluxml CWE-79
4.8
2020-10-02 CVE-2020-18185 Code Injection vulnerability in Pluxml 5.7
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
network
low complexity
pluxml CWE-94
critical
9.8
2017-11-01 CVE-2017-1001001 Cross-site Scripting vulnerability in Pluxml 5.6
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
network
low complexity
pluxml CWE-79
5.4