CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45745
https://notcve.org/view.php?id=CVE-2021-45745
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Bludit versión 3.13.1, por medio del plugin About en el panel de acceso. • https://github.com/plsanu/CVE-2021-45745 https://github.com/plsanu/Bludit-3.13.1-About-Plugin-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/bludit-3-13-1-about-plugin-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45744
https://notcve.org/view.php?id=CVE-2021-45744
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Bludit versión 3.13.1, por medio de la sección TAGS en el panel de acceso. • https://github.com/plsanu/CVE-2021-45744 https://github.com/plsanu/Bludit-3.13.1-TAGS-Field-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/bludit-3-13-1-tags-field-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2021-35323 – Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-35323
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en bludit versión 3-13-1 por medio del nombre de usuario en admin/login Bludit version 3.13.1 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50529 http://packetstormsecurity.com/files/164990/Bludit-3.13.1-Cross-Site-Scripting.html https://github.com/bludit/bludit/issues/1327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20495
https://notcve.org/view.php?id=CVE-2020-20495
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. bludit versión v3.13.0 contiene una vulnerabilidad de eliminación de archivos arbitraria en el plugin de copia de seguridad por medio del parámetro "deleteBackup" • https://github.com/bludit/bludit/issues/1246 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-18879
https://notcve.org/view.php?id=CVE-2020-18879
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. Una Carga de Archivos sin Restricciones en Bludit versión v3.8.1, permite a atacantes remotos ejecutar código arbitrario subiendo archivos maliciosos por medio de el componente "bl-kereln/ajax/upload-logo.php". • https://github.com/bludit/bludit/issues/1011 • CWE-434: Unrestricted Upload of File with Dangerous Type •