Vulnerabilities (CVE)

Filtered by vendor Pluxml Subscribe

Filtered by product Pluxml

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-24586	1 Pluxml	1 Pluxml	2022-02-23	3.5 LOW	5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVE-2022-24587	1 Pluxml	1 Pluxml	2022-02-22	3.5 LOW	5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-24585	1 Pluxml	1 Pluxml	2022-02-22	3.5 LOW	5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
CVE-2021-38602	1 Pluxml	1 Pluxml	2021-08-16	3.5 LOW	4.8 MEDIUM
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
CVE-2021-38603	1 Pluxml	1 Pluxml	2021-08-16	3.5 LOW	4.8 MEDIUM
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
CVE-2017-1001001	1 Pluxml	1 Pluxml	2017-11-18	3.5 LOW	5.4 MEDIUM
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.