Download
| Alert*
CVE-2011-3985
Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVE-2008-1048 Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. CVE-2012-2156 Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, o ... CVE-2012-1414 Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action. |