PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. The vulnerability is exploited by injecting a crafted payload into the Content field.
Max CVSS: 8.8
EPSS Score: 0.11%
Published: 2024-01-25
Updated: 2024-01-29
A cross-site scripting (XSS) vulnerability in PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Max CVSS: 5.4
EPSS Score: 0.14%
Published: 2022-03-01
Updated: 2022-03-09
PluXml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
Max CVSS: 8.8
EPSS Score: 1.40%
Published: 2022-03-01
Updated: 2022-03-09
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
Max CVSS: 5.4
EPSS Score: 0.05%
Published: 2022-02-15
Updated: 2022-02-22
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
Max CVSS: 5.4
EPSS Score: 0.05%
Published: 2022-02-15
Updated: 2022-02-23
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
Max CVSS: 5.4
EPSS Score: 0.05%
Published: 2022-02-15
Updated: 2022-02-22
PluXml 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
Max CVSS: 4.8
EPSS Score: 0.06%
Published: 2021-08-12
Updated: 2021-08-16
PluXml 5.8.7 allows Article Editing stored XSS via Headline or Content.
Max CVSS: 4.8
EPSS Score: 0.06%
Published: 2021-08-12
Updated: 2021-08-16
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment.
Max CVSS: 9.8
EPSS Score: 3.28%
Published: 2020-10-02
Updated: 2020-10-08
PluXml version 5.6 is vulnerable to stored cross-site scripting within the article creation page, which can result in escalation of privileges.
Max CVSS: 5.4
EPSS Score: 0.05%
Published: 2017-11-01
Updated: 2017-11-18
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
Max CVSS: 4.3
EPSS Score: 0.25%
Published: 2012-08-26
Updated: 2017-08-29
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
Max CVSS: 5.0
EPSS Score: 0.20%
Published: 2012-08-26
Updated: 2012-08-27
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
Max CVSS: 7.5
EPSS Score: 2.93%
Published: 2012-08-26
Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in admin/auth.php in PluXml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Max CVSS: 4.3
EPSS Score: 0.22%
Published: 2007-07-03
Updated: 2017-09-29
Unrestricted file upload vulnerability in admin/images.php in PluXml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
Max CVSS: 7.5
EPSS Score: 1.00%
Published: 2007-06-27
Updated: 2018-10-16
15 vulnerabilities found