CVE-2021-38602

MEDIUM

PluXML 5.8.7 - Stored Cross-Site Scripting via Article Headline or Content

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-38602. PoCs published by KielVaughn.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2021-38602, a stored XSS vulnerability in PluXML version 5.8.7. It identifies vulnerable fields (Headline and Content) and includes visual proof of the exploit in action.

Description

PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.

Exploits (1)

nomisec WRITEUP 1 stars
by KielVaughn · poc
https://github.com/KielVaughn/CVE-2021-38602

This repository provides a detailed technical analysis of CVE-2021-38602, a stored XSS vulnerability in PluXML version 5.8.7. It identifies vulnerable fields (Headline and Content) and includes visual proof of the exploit in action.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PluXML 5.8.7
Auth required
Prerequisites: Access to the Article editing page in PluXML
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://pluxml.org/download/changelog.txt
Exploit, Third Party Advisory x_refsource_misc
https://github.com/KielVaughn/CVE-2021-38602

Scores

CVSS v3 4.8
EPSS 0.0076
EPSS Percentile 50.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
pluxml/pluxml 5.8.7
Published Aug 12, 2021
Tracked Since Feb 18, 2026