CVE-2017-16636

https://notcve.org/view.php?id=CVE-2017-16636

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. • https://www.vulnerability-lab.com/get_content.php?id=2000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •