Headline
CVE-2022-25020: PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Vulnerability Details : CVE-2021-38602
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
Publish Date: 2021-08-12
Last Update Date: 2021-08-16
- CVSS Scores & Vulnerability Types
CVSS Score: 3.5
Confidentiality Impact: None (There is no impact to the confidentiality of the system.)
Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact: None (There is no impact to the availability of the system.)
Access Complexity: Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit)
Authentication: ???
Gained Access: None
Vulnerability Type(s): Cross Site Scripting
CWE ID: 79
- Products Affected By CVE-2021-38602
#  Product Type  Vendor  Product  Version  Update  Edition  Language
1  Application   Pluxml  Pluxml   5.8.7    *       *        *
- Number Of Affected Versions By Product
Vendor  Product  Vulnerable Versions
Pluxml  Pluxml   1
- References For CVE-2021-38602