MoritzHuppert

3 exploits Active since Mar 2022
CVE-2022-25018 NOMISEC HIGH NO CODE
Pluxml v5.8.7 - Remote Code Execution via Static Page PHP Injection
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
1 stars
CVSS 8.8
CVE-2022-25020 NOMISEC MEDIUM NO CODE
Pluxml v5.8.7 - Stored Cross-Site Scripting via Blog Post Thumbnail Path
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
CVSS 5.4
CVE-2022-25022 NOMISEC MEDIUM NO CODE
htmly 2.8.1 - Stored Cross-Site Scripting in Blog Post Content Field
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post.
CVSS 5.4