Kielvaughn

**Name of the Vulnerable Software and Affected Versions** PluXML version 5.8.7 **Description** The issue allows for stored XSS attacks, potentially enabling attackers to execute arbitrary web scripts or HTML. This can be achieved through crafted payloads in areas such as the headline, content, or thumbnail path of a blog post. **Recommendations** For PluXML version 5.8.7, consider disabling the editing of articles or restricting access to the headline and content fields until a patch is available. Avoid using crafted payloads in the thumbnail path of blog posts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PluXML version 5.8.7 **Description** The issue is related to a stored XSS vulnerability in the core/admin/profil.php file of the PluXML content management system. This vulnerability exists due to inadequate protection of the web page structure. Exploitation of this issue may allow a remote attacker to impact the confidentiality and integrity of protected information. The vulnerability can be exploited via the Information field. **Recommendations** For PluXML version 5.8.7, as a temporary workaround, consider disabling the Information field in the core/admin/profil.php file until a patch is available. Restrict access to the core/admin/profil.php file to minimize the risk of exploitation. Avoid using the Information field in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.