PluXml CMS Stored Cross-Site Scripting Vulnerability in Static Pages Editing

Vulnerability

A stored cross-site scripting vulnerability has been identified in PluXml CMS versions 5.8.21 and 5.9.0-rc7. This issue arises in the static pages editing feature, where an attacker with editing privileges can inject arbitrary HTML and JavaScript. The injected content is executed when the edited page is viewed. While only these two versions have been confirmed vulnerable, other versions may also be affected.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Added: Feb 27, 2026, 12:18 PM

Updated: Feb 27, 2026, 2:11 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

5.2

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

5.2

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PluXml CMS Stored Cross-Site Scripting Vulnerability in Static Pages Editing

Vulnerability

Impact

Affected Products

PluXml

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating