Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluxml vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-2227
Directory traversal vulnerability in update/index.php in PluXml prior to 5.1.6 allows remote malicious users to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
Pluxml Pluxml
1 EDB exploit
NA
CVE-2012-4675
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to file update.
Pluxml Pluxml
NA
CVE-2012-4674
PluXml prior to 5.1.6 allows remote malicious users to obtain the installation path via the PHPSESSID.
Pluxml Pluxml
8.8
CVSSv3
CVE-2022-25018
Pluxml v5.8.7 exists to allow malicious users to execute arbitrary code via crafted PHP code inserted into static pages.
Pluxml Pluxml 5.8.7
1 Github repository
5.4
CVSSv3
CVE-2022-25020
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Pluxml Pluxml 5.8.7
5.4
CVSSv3
CVE-2022-24585
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
Pluxml Pluxml 5.8.7
5.4
CVSSv3
CVE-2022-24586
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
Pluxml Pluxml 5.8.7
5.4
CVSSv3
CVE-2022-24587
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows malicious users to execute arbitrary web scripts or HTML.
Pluxml Pluxml 5.8.7
4.8
CVSSv3
CVE-2021-38602
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
Pluxml Pluxml 5.8.7
1 Github repository
NA
CVE-2007-3542
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote malicious users to inject arbitrary web script or HTML via the msg parameter.
Pluxml Pluxml 0.3.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »