CVE-2021-38603

2021-08-12T00:00:00
ID AKB:FC9E0ABC-CAFB-4F50-9362-44285D1412FD
Type attackerkb
Reporter AttackerKB
Modified 2021-08-17T00:00:00

Description

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.

Recent assessments:

nu11secur1ty at August 13, 2021 11:57am UTC reported:

Link: <https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38603>

Vulnerable parameter in profil.php: “id_content”

NOTE: The same problem is in the demo account in the online version:
<https://www.softaculous.com/softaculous/demos/PluXml>

Proof: <https://streamable.com/5rf36u>

Assessed Attacker Value: 3
Assessed Attacker Value: 5