CVE-2021-38603

Name of the Vulnerable Software and Affected Versions PluXML version 5.8.7

Description The issue is related to a stored XSS vulnerability in the core/admin/profil.php file of the PluXML content management system. This vulnerability exists due to inadequate protection of the web page structure. Exploitation of this issue may allow a remote attacker to impact the confidentiality and integrity of protected information. The vulnerability can be exploited via the Information field.

Recommendations For PluXML version 5.8.7, as a temporary workaround, consider disabling the Information field in the core/admin/profil.php file until a patch is available. Restrict access to the core/admin/profil.php file to minimize the risk of exploitation. Avoid using the Information field in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.