VYPR
Medium severity5.4NVD Advisory· Published Feb 27, 2026· Updated May 19, 2026

CVE-2026-24351

CVE-2026-24351

Description

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 5.8.21 and 5.9.0-rc7 were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Pluxml/Pluxml4 versions
    cpe:2.3:a:pluxml:pluxml:5.8.21:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:pluxml:pluxml:5.8.21:*:*:*:*:*:*:*
    • cpe:2.3:a:pluxml:pluxml:5.9.0:rc7:*:*:*:*:*:*
    • (no CPE)range: =5.8.21, =5.9.0-rc7
    • (no CPE)range: 5.9.0-rc7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.