CVE-2023-31698 – Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
https://notcve.org/view.php?id=CVE-2023-31698
17 May 2023 — Bludit v3.14.1 is vulnerable to stored cross-site scripting (XSS) via an SVG file uploaded as the site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). • https://www.exploit-db.com/exploits/51476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
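As an added example, not code from the advisory, the exploit-db entry or Bludit itself, here is the kind of pre-acceptance check an upload handler should run before an SVG becomes the site logo. It parses the file as XML and flags script elements, event-handler attributes and javascript:/vbscript: URLs; the element and attribute lists, the function names and the four sample files are this example's own assumptions.

```python
"""
Added example (not Bludit code): flag SVG logo uploads that carry active
content, the payload class behind the 3.14.1 site-logo stored XSS.
"""
import re
import xml.etree.ElementTree as ET

# Elements that run or embed script when the SVG is opened directly or
# rendered inline. Assumed list; extend it for your own rendering context.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "object", "embed"}

# Attributes whose value is a URL and may therefore carry a script scheme.
# data: is deliberately not flagged: legitimate logos embed rasters that way.
URL_ATTRIBUTES = {"href", "src", "action", "formaction"}
DANGEROUS_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.I)


def _local(name: str) -> str:
    """Strip ElementTree's '{namespace}' prefix, so xlink:href becomes href."""
    return name.rsplit("}", 1)[-1]


def svg_active_content(data: bytes) -> list[str]:
    """Return every finding; an empty list means only static drawing
    instructions were seen, as far as this structural check can tell."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Not well-formed XML is rejected outright rather than sniffed.
        return [f"not well-formed XML: {exc}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for elem in root.iter():            # iter() yields the root itself first
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element <{tag}>")
        for attr, value in elem.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):   # onload, onclick, onmouseover, ...
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRIBUTES and DANGEROUS_SCHEME.match(value):
                findings.append(f"{name}={value!r} on <{tag}>")
    return findings


def accept_logo(data: bytes) -> bool:
    """Policy hook for the upload handler: True only when nothing was flagged."""
    return not svg_active_content(data)


# Constructed samples for this example; none is taken from the advisory.
CLEAN_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4"/></svg>')
SCRIPT_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg">'
               b'<script>alert(document.cookie)</script></svg>')
HANDLER_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
                b'<rect width="1" height="1"/></svg>')
HREF_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" '
             b'xmlns:xlink="http://www.w3.org/1999/xlink">'
             b'<a xlink:href="javascript:alert(1)"><text y="10">logo</text></a></svg>')

if __name__ == "__main__":
    samples = [("clean", CLEAN_LOGO), ("script", SCRIPT_LOGO),
               ("handler", HANDLER_LOGO), ("href", HREF_LOGO)]
    for label, blob in samples:
        verdict = "accepted" if accept_logo(blob) else svg_active_content(blob)
        print(f"{label}: {verdict}")
```

This is a filter, not the whole fix: a structural check can miss what the browser will still execute (for example a `<style>` that imports an external sheet), so the durable mitigation is to never render user-uploaded SVGs inline, serve them with a `Content-Security-Policy: sandbox` header or as `Content-Disposition: attachment`, or rasterise the logo at upload time.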
CVE-2023-31572
https://notcve.org/view.php?id=CVE-2023-31572
16 May 2023 — An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2
CVE-2020-19228
https://notcve.org/view.php?id=CVE-2020-19228
11 May 2022 — An issue was found in Bludit v3.13.0: an unsafe implementation of the backup plugin allows attackers to upload arbitrary files. • http://bludit.com • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-1590 – Bludit New Content Module new-content cross site scripting
https://notcve.org/view.php?id=CVE-2022-1590
05 May 2022 — A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. Manipulating the argument content with the input <script>alert(1)</script> leads to cross-site scripting. The attack can be initiated remotely but requires authentication. • https://github.com/joinia/webray.com.cn/blob/main/Bludit/Bluditreadme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45745
https://notcve.org/view.php?id=CVE-2021-45745
06 Jan 2022 — A stored cross-site scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About plugin in the login panel. • https://github.com/plsanu/CVE-2021-45745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45744
https://notcve.org/view.php?id=CVE-2021-45744
06 Jan 2022 — A stored cross-site scripting (XSS) vulnerability exists in Bludit 3.13.1 via the TAGS section in the login panel. • https://github.com/plsanu/CVE-2021-45744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-35323 – Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-35323
19 Oct 2021 — A cross-site scripting (XSS) vulnerability exists in Bludit 3.13.1 via the username field in admin/login. • https://www.exploit-db.com/exploits/50529 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-20495
https://notcve.org/view.php?id=CVE-2020-20495
31 Aug 2021 — Bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup` parameter. • https://github.com/bludit/bludit/issues/1246
CVE-2020-18879
https://notcve.org/view.php?id=CVE-2020-18879
20 Aug 2021 — Unrestricted file upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kernel/ajax/upload-logo.php'. • https://github.com/bludit/bludit/issues/1011 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-25808
https://notcve.org/view.php?id=CVE-2021-25808
23 Jul 2021 — A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. • https://github.com/bludit/bludit/issues/1298 • CWE-94: Improper Control of Generation of Code ('Code Injection')
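The three backup-plugin entries above (CVE-2020-19228, CVE-2020-20495 and CVE-2021-25808) are the same two mistakes seen from different sides: a user-supplied backup name that reaches the filesystem unchecked, and an archive whose entries are written wherever and whatever they say they are. As an added example, not Bludit's plugin code and not a reconstruction of it, here is what a backup handler needs to do instead, in Python: a contained lookup for the `deleteBackup`-style name, and a ZIP restore that validates every entry (traversal, symlinks, executable file types) before writing a single byte. The naming policy, the extension allowlist, the function names and the sample archives are assumptions of this example.

```python
"""
Added example (not Bludit's backup plugin): contained backup-name lookup
plus a zip restore that rejects traversal, symlinks and executable types.
"""
import io
import re
import stat
import tempfile
import zipfile
from pathlib import Path

# Assumed naming policy for backup identifiers; the real plugin's format is
# not described on this page. No separators, no dots, so no traversal.
BACKUP_NAME = re.compile(r"^[0-9A-Za-z_-]{1,64}$")
# Assumed allowlist of what a content backup may contain. Anything the web
# server would execute (.php, .phtml, .htaccess ...) is deliberately absent.
ALLOWED_SUFFIXES = {".txt", ".md", ".json", ".jpg", ".jpeg", ".png", ".gif", ".svg"}


def resolve_backup(backup_dir: Path, name: str) -> Path:
    """Map a user-supplied name onto a file directly inside backup_dir."""
    if not BACKUP_NAME.fullmatch(name):
        raise ValueError(f"rejected backup name {name!r}")
    base = backup_dir.resolve()
    target = (base / f"{name}.zip").resolve()
    if target.parent != base:        # defence in depth behind the regex
        raise ValueError(f"{name!r} escapes {base}")
    return target


def delete_backup(backup_dir: Path, name: str) -> bool:
    """Delete one archive; False if it did not exist. Raises on bad names."""
    target = resolve_backup(backup_dir, name)
    if not target.is_file():
        return False
    target.unlink()
    return True


def check_archive(zf: zipfile.ZipFile, dest: Path) -> list[tuple[zipfile.ZipInfo, Path]]:
    """Validate every entry first; the whole archive fails on the first bad one."""
    base = dest.resolve()
    planned = []
    for info in zf.infolist():
        name = info.filename.replace("\\", "/")
        parts = [p for p in name.split("/") if p]
        if name.startswith("/") or re.match(r"^[A-Za-z]:", name) or ".." in parts or not parts:
            raise ValueError(f"traversal or empty entry {info.filename!r}")
        if stat.S_ISLNK(info.external_attr >> 16):   # unix mode in high 16 bits
            raise ValueError(f"symlink entry {info.filename!r}")
        target = base.joinpath(*parts)
        if base not in target.parents:
            raise ValueError(f"{info.filename!r} resolves outside {base}")
        if not info.is_dir() and Path(parts[-1]).suffix.lower() not in ALLOWED_SUFFIXES:
            raise ValueError(f"disallowed file type {info.filename!r}")
        planned.append((info, target))
    return planned


def restore_backup(zip_bytes: bytes, dest: Path) -> list[Path]:
    """Extract a validated archive into dest; returns the files written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info, target in check_archive(zf, dest):
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def make_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory archive for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one legitimate backup and two crafted archives.
CLEAN_ZIP = make_zip({"pages/hello/index.txt": b"Title: hi\n", "uploads/logo.png": b"\x89PNG"})
TRAVERSAL_ZIP = make_zip({"../../bl-kernel/boot.php": b"<?php /* lands in the code base */"})
WEBSHELL_ZIP = make_zip({"uploads/shell.php": b"<?php system($_GET['c']);"})


def demo() -> dict:
    """Run the samples through restore and delete; returns what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        results["clean"] = [p.relative_to(site).as_posix() for p in restore_backup(CLEAN_ZIP, site)]
        for label, blob in (("traversal", TRAVERSAL_ZIP), ("webshell", WEBSHELL_ZIP)):
            try:
                restore_backup(blob, site)
                results[label] = "accepted"
            except ValueError as exc:
                results[label] = f"rejected: {exc}"
        backups = site / "backups"
        backups.mkdir()
        (backups / "2021-07-01.zip").write_bytes(CLEAN_ZIP)
        results["delete_ok"] = delete_backup(backups, "2021-07-01")
        try:
            delete_backup(backups, "../bl-kernel/boot")
            results["delete_traversal"] = "accepted"
        except ValueError as exc:
            results["delete_traversal"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points carry the weight here: validation runs over the whole archive before extraction starts, so a crafted ZIP cannot leave a half-written site behind, and the file-type check is an allowlist, so a new executable extension the server happens to support is rejected by default rather than slipping through a denylist.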