Moritz Huppert

**Name of the Vulnerable Software and Affected Versions** Pluxml version 5.8.7 **Description** The issue allows attackers to execute arbitrary code via crafted PHP code inserted into static pages. **Recommendations** For Pluxml version 5.8.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pluxml version 5.8.7 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the `thumbnail path` of a blog post. **Recommendations** For Pluxml version 5.8.7, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Htmly version 2.8.1 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts via a crafted payload in the `content` field of a blog post. This enables the execution of malicious HTML code. **Recommendations** For Htmly version 2.8.1, consider disabling the blog post feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the content field to minimize the risk of malicious payload injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.