Known Vulnerabilities for products from PluXml
Listed below are 20 of the newest known vulnerabilities associated with the vendor "PluXml".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-24352 json | PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same af... | Not Provided | 2026-02-27 | 2026-05-19 |
| CVE-2026-24351 json | PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arb... | Not Provided | 2026-02-27 | 2026-05-19 |
| CVE-2026-24350 json | PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file cont... | Not Provided | 2026-02-27 | 2026-02-27 |
| CVE-2025-70129 json | If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated wit... | Not Provided | 2026-03-10 | 2026-04-07 |
| CVE-2025-70128 json | A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 an... | Not Provided | 2026-03-10 | 2026-04-07 |
| CVE-2025-15438 json | A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/ad... | Not Provided | 2026-01-02 | 2026-04-29 |
| CVE-2024-22636 json | 8.8 - HIGH | 2024-01-25 | 2024-01-29 | |
| CVE-2022-25020 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-01 | 2022-03-09 |
| CVE-2022-25018 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-01 | 2022-03-09 |
| CVE-2022-24587 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-02-15 | 2022-02-22 |
| CVE-2022-24586 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-02-15 | 2022-02-23 |
| CVE-2022-24585 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-02-15 | 2022-02-22 |
| CVE-2021-38603 json | PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. | 4.8 - MEDIUM | 2021-08-12 | 2021-08-16 |
| CVE-2021-38602 json | PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. | 4.8 - MEDIUM | 2021-08-12 | 2021-08-16 |
| CVE-2020-18185 json | class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux ... | 9.8 - CRITICAL | 2020-10-02 | 2020-10-08 |
| CVE-2017-1001001 json | PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can re... | Not Provided | 2017-11-01 | 2025-04-20 |
| CVE-2012-4675 json | Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via u... | Not Provided | 2012-08-26 | 2026-04-29 |
| CVE-2012-4674 json | PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. | Not Provided | 2012-08-26 | 2026-04-29 |
| CVE-2012-2227 json | Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute a... | Not Provided | 2012-08-26 | 2026-04-29 |
| CVE-2007-3542 json | Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web sc... | Not Provided | 2007-07-03 | 2026-04-23 |
Known software with vulnerabilities from PluXml
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pluxml | Pluxml | 0.3.1 |