Skip to main content

Pluxml CVE-2024-22636

HIGH
2024-01-25 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 25, 2024 - 21:15 nvd
HIGH 8.8

DescriptionNVD

PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.

AnalysisAI

PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field. Affected products include: Pluxml.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Pluxml

View all
CVE-2012-2227 HIGH POC
7.5 Aug 26

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and exec

CVE-2020-18185 CRITICAL POC
9.8 Oct 02

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a l

CVE-2022-25018 HIGH POC
8.8 Mar 01

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static page

CVE-2022-25020 MEDIUM POC
5.4 Mar 01

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML vi

CVE-2021-38603 MEDIUM POC
4.8 Aug 12

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. Rated medium severity (CVSS 4.8), this v

CVE-2021-38602 MEDIUM POC
4.8 Aug 12

PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. Rated medium severity (CVSS 4.8), this vulnerabi

CVE-2017-1001001 MEDIUM
5.4 Nov 01

PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which c

CVE-2026-24350 MEDIUM
5.4 Feb 27

Stored XSS in PluXml CMS file upload functionality allows authenticated attackers to embed malicious payloads in SVG fil

CVE-2025-70129 MEDIUM
5.3 Mar 10

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generate

CVE-2026-24351 MEDIUM
5.1 Feb 27

PluXml CMS versions 5.8.21 and 5.9.0-rc7 contain a stored cross-site scripting vulnerability in the static pages editor

CVE-2012-4674 MEDIUM
5.0 Aug 26

PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. Rated medium severity (CV

CVE-2012-4675 MEDIUM
4.3 Aug 26

Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML

Share

CVE-2024-22636 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy