pluxml

22 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-70129
<= 5.8.22
If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a f
5.3 MEDIUM
CVE-2025-70128
<= 5.8.22
A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and ear
6.1 MEDIUM
CVE-2026-24352
all versions
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after a
9.8 CRITICAL
CVE-2026-24351
all versions
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrar
5.4 MEDIUM
CVE-2026-24350
all versions
PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containin
5.4 MEDIUM
CVE-2025-15438
<= 5.8.22
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/m
4.7 MEDIUM
CVE-2025-67436
all versions
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a mali
6.5 MEDIUM
CVE-2024-22636
all versions
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnera
8.8 HIGH
CVE-2022-25020
all versions
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafte
5.4 MEDIUM
CVE-2022-25018
all versions
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
8.8 HIGH
CVE-2022-24587
all versions
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to exec
5.4 MEDIUM
CVE-2022-24585
all versions
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to ex
5.4 MEDIUM
CVE-2022-24586
all versions
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to
5.4 MEDIUM
CVE-2021-38603
all versions
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
4.8 MEDIUM
CVE-2021-38602
all versions
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
4.8 MEDIUM
CVE-2020-18185
all versions
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a linux envir
9.8 CRITICAL
CVE-2017-1001001
all versions
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result
5.4 MEDIUM
CVE-2012-4675
<= 5.1.5
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspec
CVE-2012-4674
<= 5.1.5
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
CVE-2012-2227
<= 5.1.5
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitr
CVE-2007-3542
all versions
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script
CVE-2007-3432
all versions
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin