Register | Log in

pluxml

light blog/CMS engine powered by XML

Choose email to subscribe with

general

source: pluxml (main)
version: 5.6-1
maintainer: Tanguy Ortolo (DMD)
arch: all
std-ver: 4.1.3
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.5-2
oldstable: 5.6-1

versioned links

5.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

pluxml

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

11 security issues in buster high

There are 11 open security issues in buster.

5 important issues:

CVE-2022-24585: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
CVE-2022-24586: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVE-2022-24587: A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-25018: Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
CVE-2022-25020: A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.

6 ignored issues:

CVE-2007-3432: Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
CVE-2007-3542: Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2012-4674: PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
CVE-2012-4675: Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
CVE-2021-38602: PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
CVE-2021-38603: PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.

Created: 2022-07-04 Last update: 2022-10-08 00:30

news

[2022-06-25] Removed 5.6-1 from unstable (Debian FTP Masters)
[2020-11-29] pluxml REMOVED from testing (Debian testing watch)
[2018-03-27] pluxml 5.6-1 MIGRATED to testing (Debian testing watch)
[2018-03-21] Accepted pluxml 5.6-1 (source all) into unstable (Tanguy Ortolo)
[2017-12-15] pluxml REMOVED from testing (Debian testing watch)
[2016-08-18] pluxml 5.5-2 MIGRATED to testing (Debian testing watch)
[2016-08-12] Accepted pluxml 5.5-2 (source all) into unstable (Tanguy Ortolo)
[2016-05-14] pluxml 5.5-1 MIGRATED to testing (Debian testing watch)
[2016-05-08] Accepted pluxml 5.5-1 (source all) into unstable (Tanguy Ortolo)
[2015-07-29] pluxml 5.4-1 MIGRATED to testing (Britney)
[2015-07-23] Accepted pluxml 5.4-1 (source all) into unstable (Tanguy Ortolo)
[2014-09-11] pluxml 5.3.1-2 MIGRATED to testing (Britney)
[2014-08-31] Accepted pluxml 5.3.1-2 (source all) into unstable (Tanguy Ortolo)
[2014-04-24] pluxml 5.3.1-1 MIGRATED to testing (Debian testing watch)
[2014-04-18] Accepted pluxml 5.3.1-1 (source all) (Tanguy Ortolo)
[2014-01-20] pluxml 5.3-1 MIGRATED to testing (Debian testing watch)
[2014-01-14] Accepted pluxml 5.3-1 (source all) (Tanguy Ortolo)
[2013-12-02] pluxml 5.2-4 MIGRATED to testing (Debian testing watch)
[2013-11-25] Accepted pluxml 5.2-4 (source all) (Tanguy Ortolo)
[2013-11-07] pluxml 5.2-3 MIGRATED to testing (Debian testing watch)
[2013-10-27] Accepted pluxml 5.2-3 (source all) (Tanguy Ortolo)
[2013-09-13] pluxml 5.2-2 MIGRATED to testing (Debian testing watch)
[2013-09-02] Accepted pluxml 5.2-1 (source amd64) (Tanguy Ortolo)
[2013-09-02] Accepted pluxml 5.2-2 (source all) (Tanguy Ortolo)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
screenshots

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing