4 matches found
CVE-2022-24585
A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter...
CVE-2022-24585
A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter...
CVE-2022-24585
Removed by vendor...
CVE-2022-24585
CVE-2022-24585 is a stored XSS in PluXml v5.8.7, exploiting the /core/admin/comment.php component. The vulnerability is triggered via the author parameter, allowing attackers to inject arbitrary web scripts/HTML. Affected software is PluXml 5.8.7; the root cause is unsanitized input in the author...