Search criteria
15 vulnerabilities by PluXml
CVE-2024-22636 (GCVE-0-2024-22636)
Vulnerability from cvelistv5 – Published: 2024-01-25 00:00 – Updated: 2025-05-30 14:15
VLAI?
Summary
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22636",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:21:27.465576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:15:47.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T20:20:16.436Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22636",
"datePublished": "2024-01-25T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2025-05-30T14:15:47.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25020 (GCVE-0-2022-25020)
Vulnerability from cvelistv5 – Published: 2022-03-01 01:26 – Updated: 2024-08-03 04:29
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pluxml.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cvedetails.com/cve/CVE-2021-38602/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/TsGp-QB5XWI"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T01:26:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pluxml.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cvedetails.com/cve/CVE-2021-38602/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/TsGp-QB5XWI"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pluxml.com",
"refsource": "MISC",
"url": "http://pluxml.com"
},
{
"name": "https://www.cvedetails.com/cve/CVE-2021-38602/",
"refsource": "MISC",
"url": "https://www.cvedetails.com/cve/CVE-2021-38602/"
},
{
"name": "https://youtu.be/TsGp-QB5XWI",
"refsource": "MISC",
"url": "https://youtu.be/TsGp-QB5XWI"
},
{
"name": "https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf",
"refsource": "MISC",
"url": "https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25020",
"datePublished": "2022-03-01T01:26:20",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25018 (GCVE-0-2022-25018)
Vulnerability from cvelistv5 – Published: 2022-03-01 01:25 – Updated: 2024-08-03 04:29
VLAI?
Summary
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pluxml.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluxml/PluXml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/Gbe2UNCB0tY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T01:25:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pluxml.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluxml/PluXml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/Gbe2UNCB0tY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pluxml.com",
"refsource": "MISC",
"url": "http://pluxml.com"
},
{
"name": "https://github.com/pluxml/PluXml",
"refsource": "MISC",
"url": "https://github.com/pluxml/PluXml"
},
{
"name": "https://youtu.be/Gbe2UNCB0tY",
"refsource": "MISC",
"url": "https://youtu.be/Gbe2UNCB0tY"
},
{
"name": "https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf",
"refsource": "MISC",
"url": "https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25018",
"datePublished": "2022-03-01T01:25:11",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24587 (GCVE-0-2022-24587)
Vulnerability from cvelistv5 – Published: 2022-02-15 15:40 – Updated: 2024-08-03 04:13
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T15:40:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Nguyen-Trung-Kien/CVE",
"refsource": "MISC",
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"name": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf",
"refsource": "MISC",
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24587",
"datePublished": "2022-02-15T15:40:04",
"dateReserved": "2022-02-07T00:00:00",
"dateUpdated": "2024-08-03T04:13:56.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24585 (GCVE-0-2022-24585)
Vulnerability from cvelistv5 – Published: 2022-02-15 15:09 – Updated: 2024-08-03 04:13
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T15:09:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Nguyen-Trung-Kien/CVE",
"refsource": "MISC",
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"name": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf",
"refsource": "MISC",
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24585",
"datePublished": "2022-02-15T15:09:16",
"dateReserved": "2022-02-07T00:00:00",
"dateUpdated": "2024-08-03T04:13:56.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24586 (GCVE-0-2022-24586)
Vulnerability from cvelistv5 – Published: 2022-02-15 13:54 – Updated: 2024-08-03 04:13
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T13:54:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Nguyen-Trung-Kien/CVE",
"refsource": "MISC",
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"name": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf",
"refsource": "MISC",
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24586",
"datePublished": "2022-02-15T13:54:45",
"dateReserved": "2022-02-07T00:00:00",
"dateUpdated": "2024-08-03T04:13:56.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38603 (GCVE-0-2021-38603)
Vulnerability from cvelistv5 – Published: 2021-08-12 22:05 – Updated: 2024-08-04 01:44
VLAI?
Summary
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pluxml.org/download/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KielVaughn/CVE-2021-38603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163823/PluXML-5.8.7-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-13T15:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pluxml.org/download/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KielVaughn/CVE-2021-38603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163823/PluXML-5.8.7-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pluxml.org/download/changelog.txt",
"refsource": "MISC",
"url": "https://pluxml.org/download/changelog.txt"
},
{
"name": "https://github.com/KielVaughn/CVE-2021-38603",
"refsource": "MISC",
"url": "https://github.com/KielVaughn/CVE-2021-38603"
},
{
"name": "http://packetstormsecurity.com/files/163823/PluXML-5.8.7-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163823/PluXML-5.8.7-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38603",
"datePublished": "2021-08-12T22:05:57",
"dateReserved": "2021-08-12T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38602 (GCVE-0-2021-38602)
Vulnerability from cvelistv5 – Published: 2021-08-12 22:03 – Updated: 2024-08-04 01:44
VLAI?
Summary
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pluxml.org/download/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KielVaughn/CVE-2021-38602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-12T22:03:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pluxml.org/download/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KielVaughn/CVE-2021-38602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pluxml.org/download/changelog.txt",
"refsource": "MISC",
"url": "https://pluxml.org/download/changelog.txt"
},
{
"name": "https://github.com/KielVaughn/CVE-2021-38602",
"refsource": "MISC",
"url": "https://github.com/KielVaughn/CVE-2021-38602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38602",
"datePublished": "2021-08-12T22:03:45",
"dateReserved": "2021-08-12T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18185 (GCVE-0-2020-18185)
Vulnerability from cvelistv5 – Published: 2020-10-02 12:50 – Updated: 2024-08-04 14:00
VLAI?
Summary
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:49.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluxml/PluXml/issues/321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T12:50:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluxml/PluXml/issues/321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pluxml/PluXml/issues/321",
"refsource": "MISC",
"url": "https://github.com/pluxml/PluXml/issues/321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18185",
"datePublished": "2020-10-02T12:50:32",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:00:49.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1001001 (GCVE-0-2017-1001001)
Vulnerability from cvelistv5 – Published: 2017-11-01 17:00 – Updated: 2024-09-16 23:11
VLAI?
Summary
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pluxml/PluXml/issues/253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PluXml",
"vendor": "PluXml",
"versions": [
{
"status": "affected",
"version": "before 5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-01T17:00:00Z",
"orgId": "46fe6300-5254-4a98-9594-a9567bec8179",
"shortName": "joshbressers"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluxml/PluXml/issues/253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "josh@bress.net",
"ID": "CVE-2017-1001001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PluXml",
"version": {
"version_data": [
{
"version_value": "before 5.6"
}
]
}
}
]
},
"vendor_name": "PluXml"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pluxml/PluXml/issues/253",
"refsource": "CONFIRM",
"url": "https://github.com/pluxml/PluXml/issues/253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "46fe6300-5254-4a98-9594-a9567bec8179",
"assignerShortName": "joshbressers",
"cveId": "CVE-2017-1001001",
"datePublished": "2017-11-01T17:00:00Z",
"dateReserved": "2017-11-01T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:37.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4674 (GCVE-0-2012-4674)
Vulnerability from cvelistv5 – Published: 2012-08-26 18:00 – Updated: 2024-09-16 19:01
VLAI?
Summary
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://telechargements.pluxml.org/changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://telechargements.pluxml.org/changelog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6",
"refsource": "CONFIRM",
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"name": "http://telechargements.pluxml.org/changelog",
"refsource": "CONFIRM",
"url": "http://telechargements.pluxml.org/changelog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4674",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-08-26T00:00:00Z",
"dateUpdated": "2024-09-16T19:01:46.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2227 (GCVE-0-2012-2227)
Vulnerability from cvelistv5 – Published: 2012-08-26 18:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53348"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23086"
},
{
"name": "18828",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18828"
},
{
"name": "20120502 Local File Inclusion in PluXml",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0011.html"
},
{
"name": "pluxml-index-file-include(75330)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75330"
},
{
"name": "49026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49026"
},
{
"name": "81638",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81638"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://telechargements.pluxml.org/changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53348"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23086"
},
{
"name": "18828",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18828"
},
{
"name": "20120502 Local File Inclusion in PluXml",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0011.html"
},
{
"name": "pluxml-index-file-include(75330)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75330"
},
{
"name": "49026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49026"
},
{
"name": "81638",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81638"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://telechargements.pluxml.org/changelog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53348"
},
{
"name": "https://www.htbridge.com/advisory/HTB23086",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23086"
},
{
"name": "18828",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18828"
},
{
"name": "20120502 Local File Inclusion in PluXml",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0011.html"
},
{
"name": "pluxml-index-file-include(75330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75330"
},
{
"name": "49026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49026"
},
{
"name": "81638",
"refsource": "OSVDB",
"url": "http://osvdb.org/81638"
},
{
"name": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6",
"refsource": "CONFIRM",
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"name": "http://telechargements.pluxml.org/changelog",
"refsource": "CONFIRM",
"url": "http://telechargements.pluxml.org/changelog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2227",
"datePublished": "2012-08-26T18:00:00",
"dateReserved": "2012-04-11T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4675 (GCVE-0-2012-4675)
Vulnerability from cvelistv5 – Published: 2012-08-26 18:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluxml-unspecified-xss(75331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75331"
},
{
"name": "53367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53367"
},
{
"name": "49026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://telechargements.pluxml.org/changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluxml-unspecified-xss(75331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75331"
},
{
"name": "53367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53367"
},
{
"name": "49026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://telechargements.pluxml.org/changelog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluxml-unspecified-xss(75331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75331"
},
{
"name": "53367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53367"
},
{
"name": "49026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49026"
},
{
"name": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6",
"refsource": "CONFIRM",
"url": "http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6"
},
{
"name": "http://telechargements.pluxml.org/changelog",
"refsource": "CONFIRM",
"url": "http://telechargements.pluxml.org/changelog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4675",
"datePublished": "2012-08-26T18:00:00",
"dateReserved": "2012-08-26T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3542 (GCVE-0-2007-3542)
Vulnerability from cvelistv5 – Published: 2007-07-03 20:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluxml-auth-xss(35015)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35015"
},
{
"name": "4096",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4096"
},
{
"name": "38890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38890"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluxml-auth-xss(35015)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35015"
},
{
"name": "4096",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4096"
},
{
"name": "38890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38890"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluxml-auth-xss(35015)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35015"
},
{
"name": "4096",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4096"
},
{
"name": "38890",
"refsource": "OSVDB",
"url": "http://osvdb.org/38890"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3542",
"datePublished": "2007-07-03T20:00:00",
"dateReserved": "2007-07-03T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3432 (GCVE-0-2007-3432)
Vulnerability from cvelistv5 – Published: 2007-06-27 00:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070624 Pluxml 0.3.1 Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472205/100/0/threaded"
},
{
"name": "42420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42420"
},
{
"name": "4096",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4096"
},
{
"name": "pluxml-images-file-upload(35016)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070624 Pluxml 0.3.1 Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472205/100/0/threaded"
},
{
"name": "42420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42420"
},
{
"name": "4096",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4096"
},
{
"name": "pluxml-images-file-upload(35016)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070624 Pluxml 0.3.1 Remote Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472205/100/0/threaded"
},
{
"name": "42420",
"refsource": "OSVDB",
"url": "http://osvdb.org/42420"
},
{
"name": "4096",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4096"
},
{
"name": "pluxml-images-file-upload(35016)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3432",
"datePublished": "2007-06-27T00:00:00",
"dateReserved": "2007-06-26T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}