3 matches found
CVE-2026-24351 Stored XSS in PluXml CMS
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-67436
Authenticated Remote Code Execution RCE in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file e.g., home.php...
UBUNTU-CVE-2025-57567
A remote code execution RCE vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...