
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
References: https://github.com/gh0st56/CVE-2020-13889 https://github.com/bludit/bludit/issues/1205
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
References: https://github.com/bludit/bludit/issues/1131
CWE-862: Missing Authorization

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug."
References: https://github.com/bludit/bludit/issues/1132
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 7% | CPEs: 1 | EXPL: 9

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. Bludit version 3.9.2 suffers from an authentication brute-force mitigation bypass vulnerability.
References: https://github.com/ColdFusionX/CVE-2019-17240-Exploit-Bludit-BF-bypass https://www.exploit-db.com/exploits/48746 https://www.exploit-db.com/exploits/48942 https://github.com/pingport80/CVE-2019-17240 https://github.com/mind2hex/CVE-2019-17240 https://github.com/jayngng/bludit-CVE-2019-17240 https://github.com/triple-octopus/Bludit-CVE-2019-17240-Fork http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html http://packetstormsecurity.com/files&
CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
References: https://github.com/bludit/bludit/issues/1078
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')