Vulnerabilities > Pluxml > Pluxml > 5.1.5

DATE CVE VULNERABILITY TITLE RISK
2012-08-26 CVE-2012-4675 Cross-Site Scripting vulnerability in Pluxml 0.3.1/5.1.5
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
network
pluxml CWE-79
4.3
4.3
2012-08-26 CVE-2012-4674 Information Exposure vulnerability in Pluxml 0.3.1/5.1.5
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
network
low complexity
pluxml CWE-200
5.0
5.0
2012-08-26 CVE-2012-2227 Path Traversal vulnerability in Pluxml 0.3.1/5.1.5
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
network
low complexity
pluxml CWE-22
7.5
7.5