PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
Recent assessments:
nu11secur1ty at August 13, 2021 11:57am UTC reported:
Link: <https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38603>
Vulnerability parameter in profil.php "id_content"
NOTE: The same problem is in the demo account in the online version
<https://www.softaculous.com/softaculous/demos/PluXml>
Proof: <https://streamable.com/5rf36u>
Assessed Attacker Value: 3
Assessed Attacker Value: 5