Vulnerabilities > Pluxml

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-25	CVE-2024-22636	Unspecified vulnerability in Pluxml 5.8.9 PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. network low complexity pluxml	8.8
2022-03-01	CVE-2022-25018	Code Injection vulnerability in Pluxml 5.8.7 Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. network low complexity pluxml CWE-94	8.8
2022-03-01	CVE-2022-25020	Cross-site Scripting vulnerability in Pluxml 5.8.7 A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. network low complexity pluxml CWE-79	5.4
2022-02-15	CVE-2022-24585	Cross-site Scripting vulnerability in Pluxml 5.8.7 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. network low complexity pluxml CWE-79	5.4
2022-02-15	CVE-2022-24587	Cross-site Scripting vulnerability in Pluxml 5.8.7 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. network low complexity pluxml CWE-79	5.4
2022-02-15	CVE-2022-24586	Cross-site Scripting vulnerability in Pluxml 5.8.7 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. network low complexity pluxml CWE-79	5.4
2021-08-12	CVE-2021-38602	Cross-site Scripting vulnerability in Pluxml 5.8.7 PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. network low complexity pluxml CWE-79	4.8
2021-08-12	CVE-2021-38603	Cross-site Scripting vulnerability in Pluxml 5.8.7 PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. network low complexity pluxml CWE-79	4.8
2020-10-02	CVE-2020-18185	Code Injection vulnerability in Pluxml 5.7 class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. network low complexity pluxml CWE-94 critical	9.8
2017-11-01	CVE-2017-1001001	Cross-site Scripting vulnerability in Pluxml 5.6 PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. network low complexity pluxml CWE-79	5.4

Vulnerabilities > Pluxml {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pluxml"}]}

Vulnerabilities > Pluxml