Browse all 4 CVE security advisories affecting PluXml. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PluXml serves as a lightweight, file-based content management system primarily used for creating and managing websites without requiring a database. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insufficient access controls. While no major security incidents have been widely documented, the four recorded CVEs highlight ongoing concerns around secure coding practices. The system's simplicity and minimal dependencies contribute to its appeal but also present challenges in maintaining robust security, particularly in environments where timely updates may not be consistently applied.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24352 | Session Fixation in PluXml CMS — PluXml CMSCWE-384 | 8.2 | - | 2026-02-27 |
| CVE-2026-24351 | Stored XSS in PluXml CMS — PluXml CMSCWE-79 | 4.8 | - | 2026-02-27 |
| CVE-2026-24350 | Stored XSS in PluXml CMS — PluXml CMSCWE-79 | 5.4 | - | 2026-02-27 |
| CVE-2017-1001001 | PluXml 跨站脚本漏洞 — PluXml | 5.4 | - | 2017-11-01 |
This page lists every published CVE security advisory associated with PluXml. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.