Stored XSS in PluXML 5.8.7 Affects Website Security
CVE-2021-38603

4.8MEDIUM

Key Information:

Vendor

Pluxml

Status
Pluxml
Vendor
CVE Published:
12 August 2021

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2021-38603?

The vulnerability in PluXML version 5.8.7 allows attackers to exploit the core/admin/profil.php component through stored cross-site scripting via the Information field. This can lead to unauthorized data access and manipulation, posing significant risks to user security and website integrity. Users are advised to review security measures and patch the affected version.

References

https://pluxml.org/download/changelog.txt
x_refsource_MISC
https://github.com/KielVaughn/CVE-2021-38603
x_refsource_MISC
http://packetstormsecurity.com/files/163823/PluXML-5.8.7-...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-38603 : Stored XSS in PluXML 5.8.7 Affects Website Security