CVE-2026-24351

Name of the Vulnerable Software and Affected Versions PluXml CMS versions 5.8.21 and 5.9.0-rc7

Description PluXml CMS contains a Stored Cross-Site Scripting (XSS) issue within the Static Pages editing functionality. An attacker possessing editing privileges can inject arbitrary HTML and JavaScript code into a website. This injected code will be rendered and executed when a user visits the edited page. The vendor was notified of this issue but did not provide details regarding vulnerable version ranges.

Recommendations Update to a newer version of PluXml CMS that addresses this vulnerability. As a temporary workaround, carefully review and sanitize all content added to Static Pages before publishing. Restrict editing privileges to trusted users only.