Lucene search
K

296 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/27 11:35 a.m.7 views

CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS5.9AI score0.00352EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/27 11:35 a.m.5 views

CVE-2026-24352 Session Fixation in PluXml CMS

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

4.8CVSS5.9AI score0.00352EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 11:35 a.m.23 views

CVE-2026-24352 Session Fixation in PluXml CMS

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

4.8CVSS0.00352EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 11:35 a.m.13 views

CVE-2026-24352

PluXml CMS contains CVE-2026-24352: an authentication session can be fixed to a victim’s session ID, enabling session hijacking after login. Affected component is the user/session handling, where the session identifier can be set before authentication and persists post-authentication. Reported te...

9.8CVSS5.9AI score0.00352EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/27 11:35 a.m.7 views

CVE-2026-24351 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.1CVSS6AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 11:35 a.m.23 views

CVE-2026-24351 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.1CVSS0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 11:35 a.m.9 views

CVE-2026-24351

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.4CVSS6AI score0.00177EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/27 11:35 a.m.13 views

CVE-2026-24351

PluXml CMS is affected by CVE-2026-24351 (Stored XSS in Static Pages editing). An attacker with editing privileges can inject arbitrary HTML/JS that is rendered when visiting the edited page. Vulnerable confirmed in versions 5.8.21 and 5.9.0-rc7; other versions were not tested and might also be v...

5.4CVSS6AI score0.00177EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 11:35 a.m.4 views

CVE-2026-24350 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.1CVSS6AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2026/02/27 11:35 a.m.5 views

CVE-2026-24350 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.1CVSS6.1AI score0.00169EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/27 11:35 a.m.8 views

CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS6AI score0.00169EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/27 11:35 a.m.22 views

CVE-2026-24350 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.1CVSS0.00169EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 11:35 a.m.25 views

CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in the file-uploading functionality. An authenticated attacker can upload an SVG containing a malicious payload; the payload executes when a victim clicks the uploaded image link. In version 5.9.0-rc7, clicking the link does not always trigger the payload, b...

5.4CVSS6AI score0.00169EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22331

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.1CVSS6AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.6 views

PT-2026-22332

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.1CVSS6AI score0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22333

Name of the Vulnerable Software and Affected Versions PluXml CMS versions 5.8.21 and 5.9.0-rc7 Description PluXml CMS allows a user’s session identifier to be set before authentication. The value of this session ID remains consistent even after authentication. This behavior allows an attacker to...

9.8CVSS5.9AI score0.00352EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

PluXml CMS 授权问题漏洞

PluXml CMS is a database-free content management system developed by the French company PluXml. Versions 5.8.21 and 5.9.0-rc7 of PluXml CMS have vulnerabilities related to authorization. These vulnerabilities stem from the ability to set session identifiers before authentication, which may lead t...

9.8CVSS5.8AI score0.00352EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

PluXml CMS 跨站脚本漏洞

PluXml CMS is a database-free content management system developed by the French company PluXml. Versions 5.8.21 and 5.9.0-rc7 of PluXml CMS contain cross-site scripting vulnerabilities. These vulnerabilities stem from the file upload feature’s storage-based cross-site scripting, which may allow f...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.12 views

PluXml CMS 跨站脚本漏洞

PluXml CMS is a database-free content management system developed by the French company PluXml. Versions 5.8.21 and 5.9.0-rc7 of PluXml CMS contain cross-site scripting vulnerabilities. These vulnerabilities stem from the static page editing feature’s storage-based cross-site scripting...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-15438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media...

7.2CVSS5.5AI score0.00386EPSS
Exploits1References2
Rows per page
Query Builder