A stored cross site scripting vulnerability is present on the Article editing page in version 5.8.7 of PluXML. User input is not properly sanitized in multiple fields.
- Headline (optional):
- Content:
Once inserted, XSS can be triggered by visiting the posted article at the link mentioned under Link to article: near the top of the page.