PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited by injecting a crafted payload into the Content field.
Max CVSS: 8.8 | EPSS Score: 0.11% | Published: 2024-01-25 | Updated: 2024-01-29
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Max CVSS: 5.4 | EPSS Score: 0.14% | Published: 2022-03-01 | Updated: 2022-03-09
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
Max CVSS: 8.8 | EPSS Score: 1.40% | Published: 2022-03-01 | Updated: 2022-03-09
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2022-02-22
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2022-02-23
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2022-02-22
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment.
Max CVSS: 9.8 | EPSS Score: 3.28% | Published: 2020-10-02 | Updated: 2020-10-08
PluXml version 5.6 is vulnerable to stored cross-site scripting within the article creation page, which can result in escalation of privileges.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2017-11-01 | Updated: 2017-11-18
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
Max CVSS: 5.0 | EPSS Score: 0.20% | Published: 2012-08-26 | Updated: 2012-08-27
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
Max CVSS: 7.5 | EPSS Score: 2.93% | Published: 2012-08-26 | Updated: 2017-08-29
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
Max CVSS: 7.5 | EPSS Score: 1.00% | Published: 2007-06-27 | Updated: 2018-10-16
11 vulnerabilities found