CVE-2021-38602

A stored cross site scripting vulnerability is present on the Article editing page in version 5.8.7 of PluXML. User input is not properly sanitized in multiple fields.

Vulnerable Fields:

Headline (optional):
Content:

Once inserted, XSS can be triggered by visiting the posted article at the link mentioned under Link to article: near the top of the page.

Name		Name	Last commit message	Last commit date
Latest commit History 18 Commits
PluXML_Content_Stored_XSS.png		PluXML_Content_Stored_XSS.png
PluXML_Create_Article.png		PluXML_Create_Article.png
PluXML_Headline_Stored_XSS.png		PluXML_Headline_Stored_XSS.png
PluXML_Link_to_Article.png		PluXML_Link_to_Article.png
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-38602

Vulnerable Fields:

Headline Stored XSS Example

Content Stored XSS Example

About

Releases

Packages

KielVaughn/CVE-2021-38602

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-38602

Vulnerable Fields:

Headline Stored XSS Example

Content Stored XSS Example

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages