Skip to main content

Pluxml CVE-2012-4675

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2012-08-26 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 26, 2012 - 18:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.

AnalysisAI

Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update. Affected products include: Pluxml.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Pluxml

View all
CVE-2012-2227 HIGH POC
7.5 Aug 26

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and exec

CVE-2020-18185 CRITICAL POC
9.8 Oct 02

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a l

CVE-2022-25018 HIGH POC
8.8 Mar 01

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static page

CVE-2024-22636 HIGH POC
8.8 Jan 25

PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. Ra

CVE-2022-25020 MEDIUM POC
5.4 Mar 01

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML vi

CVE-2021-38603 MEDIUM POC
4.8 Aug 12

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. Rated medium severity (CVSS 4.8), this v

CVE-2021-38602 MEDIUM POC
4.8 Aug 12

PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. Rated medium severity (CVSS 4.8), this vulnerabi

CVE-2017-1001001 MEDIUM
5.4 Nov 01

PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which c

CVE-2026-24350 MEDIUM
5.4 Feb 27

Stored XSS in PluXml CMS file upload functionality allows authenticated attackers to embed malicious payloads in SVG fil

CVE-2025-70129 MEDIUM
5.3 Mar 10

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generate

CVE-2026-24351 MEDIUM
5.1 Feb 27

PluXml CMS versions 5.8.21 and 5.9.0-rc7 contain a stored cross-site scripting vulnerability in the static pages editor

CVE-2012-4674 MEDIUM
5.0 Aug 26

PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. Rated medium severity (CV

Share

CVE-2012-4675 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy