Pluxml Pluxml Cms
3 CVEs affecting Pluxml Pluxml Cms. Latest disclosed: 2026-02-27. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-24352 | Critical | 9.8 | 2026-02-27 | PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour… |
CVE-2026-24351 | Medium | 5.4 | 2026-02-27 | PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, w… |
CVE-2026-24350 | Medium | 5.4 | 2026-02-27 | PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which… |