PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
Debian Bug report logs -
#881796
CVE-2017-1001001: pluxml: XSS and missing httponly flag
Package:
pluxml;
Maintainer for pluxml is Tanguy Ortolo <tanguy+debian@ortoloeu>; Source for pluxml is src:pluxml (PTS, buildd, popcon)
Reported by: Henri Salo <henri@nervfi>
Date: Wed, 15 Nov 2017 07:18:02 UTC
Severity: grave ...