Your submission was sent successfully! Close

CVE-2022-24585

Published: 15 February 2022

A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.

Priority

Medium

CVSS 3 base score: 5.4

Status

Package Release Status
pluxml
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Ignored
(reached end-of-life)
jammy Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)