Lucene search
K

297 matches found

Cvelist
Cvelist
added 2026/03/10 12:0 a.m.29 views

CVE-2025-70129

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. T...

0.00286EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/10 12:0 a.m.30 views

CVE-2025-70128

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

0.00225EPSS
Exploits1References2
CVE
CVE
added 2026/03/10 12:0 a.m.12 views

CVE-2025-70128

Summary: CVE-2025-70128 describes a Stored XSS in PluXml, affecting versions up to 5.8.22, in the article comments feature. Affected component: PluXml core/admin/comments.php. Root cause: User-supplied input in the comment’s link field is not properly sanitized/validated, allowing malicious [remo...

6.1CVSS5.9AI score0.00225EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-24350

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which...

5.4CVSS5.9AI score0.00169EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-24352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour...

9.8CVSS5.8AI score0.00352EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-24351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website,...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.11 views

CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS5.9AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.7 views

CVE-2026-24351

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.4CVSS6AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.6 views

CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS6AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 12:31 p.m.6 views

EUVD-2026-9022

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS6AI score0.00169EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 12:31 p.m.8 views

EUVD-2026-9024

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS5.9AI score0.00352EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 12:31 p.m.9 views

EUVD-2026-9023

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.4CVSS6AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 12:16 p.m.6 views

CVE-2026-24351

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.4CVSS0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 12:16 p.m.8 views

CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS0.00352EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 12:16 p.m.10 views

CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS0.00169EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/27 12:16 p.m.8 views

CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS6AI score0.00169EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/27 12:16 p.m.16 views

CVE-2026-24351

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.4CVSS6AI score0.00177EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 12:16 p.m.6 views

UBUNTU-CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References4
OSV
OSV
added 2026/02/27 12:16 p.m.15 views

UBUNTU-CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS5.7AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2026/02/27 12:16 p.m.37 views

UBUNTU-CVE-2026-24351

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References4
Rows per page
Query Builder