CVE-2021-38602
MEDIUMPluXML 5.8.7 - Stored Cross-Site Scripting via Article Headline or Content
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-38602. PoCs published by KielVaughn.
AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2021-38602, a stored XSS vulnerability in PluXML version 5.8.7. It identifies vulnerable fields (Headline and Content) and includes visual proof of the exploit in action.
Description
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
Exploits (1)
nomisec
WRITEUP
1 stars
by KielVaughn · poc
https://github.com/KielVaughn/CVE-2021-38602
This repository provides a detailed technical analysis of CVE-2021-38602, a stored XSS vulnerability in PluXML version 5.8.7. It identifies vulnerable fields (Headline and Content) and includes visual proof of the exploit in action.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
PluXML 5.8.7
Auth required
Prerequisites:
Access to the Article editing page in PluXML
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://pluxml.org/download/changelog.txt
Exploit, Third Party Advisory x_refsource_misc
https://github.com/KielVaughn/CVE-2021-38602
Scores
CVSS v3
4.8
EPSS
0.0076
EPSS Percentile
50.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
pluxml/pluxml
5.8.7
Published
Aug 12, 2021
Tracked Since
Feb 18, 2026