PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
nu11secur1ty at August 13, 2021 11:57am UTC reported:
Vulnerability parameter in profil.php “id_content”
NOTE: The same problem is in the demo account in the online version
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5