Plume-cms : Security Vulnerabilities, CVEs, (XSS)

CVE-2012-2156

Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
Max CVSS
4.3
EPSS Score
0.95%
Published
2012-04-11
Updated
2017-12-20

CVE-2011-3985

Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
2.6
EPSS Score
0.11%
Published
2011-11-09
Updated
2011-11-10

CVE-2008-1048

Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-02-27
Updated
2017-08-08
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close