Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluxml pluxml vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-4674
PluXml prior to 5.1.6 allows remote malicious users to obtain the installation path via the PHPSESSID.
Pluxml Pluxml
4.3
CVSSv2
CVE-2012-4675
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to file update.
Pluxml Pluxml
7.5
CVSSv2
CVE-2012-2227
Directory traversal vulnerability in update/index.php in PluXml prior to 5.1.6 allows remote malicious users to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
Pluxml Pluxml
1 EDB exploit
3.5
CVSSv2
CVE-2017-1001001
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
Pluxml Pluxml 5.6
3.5
CVSSv2
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
Pluxml Pluxml 5.8.7
1 Github repository
NA
CVE-2024-22636
PluXml Blog v5.8.9 exists to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.
Pluxml Pluxml 5.8.9
7.5
CVSSv2
CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows malicious users to execute arbitrary PHP code by modify the configuration file in a linux environment.
Pluxml Pluxml 5.7
6.5
CVSSv2
CVE-2022-25018
Pluxml v5.8.7 exists to allow malicious users to execute arbitrary code via crafted PHP code inserted into static pages.
Pluxml Pluxml 5.8.7
1 Github repository
3.5
CVSSv2
CVE-2022-25020
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Pluxml Pluxml 5.8.7
7.5
CVSSv2
CVE-2007-3432
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote malicious users to upload and execute arbitrary PHP code via a .jpg filename.
Pluxml Pluxml 0.3.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »