
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug." ** DISPUTED ** Bludit version 3.10.0 allows the Editor or Author roles to insert malicious JavaScript in the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug." • https://github.com/bludit/bludit/issues/1132 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 7% | CPEs: 1 | EXPL: 9

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. The file bl-kernel/security.class.php in Bludit version 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. Bludit version 3.9.2 suffers from an authentication brute-force mitigation bypass vulnerability. • https://github.com/ColdFusionX/CVE-2019-17240-Exploit-Bludit-BF-bypass https://www.exploit-db.com/exploits/48746 https://www.exploit-db.com/exploits/48942 https://github.com/pingport80/CVE-2019-17240 https://github.com/mind2hex/CVE-2019-17240 https://github.com/jayngng/bludit-CVE-2019-17240 https://github.com/triple-octopus/Bludit-CVE-2019-17240-Fork http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html http://packetstormsecurity.com/files& • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. In Bludit version v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. • https://github.com/bludit/bludit/issues/1078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 91% | CPEs: 1 | EXPL: 15

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. Bludit version 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be uploaded under a .jpg file name, and this PHP code can then write other PHP code to a ../ pathname. Bludit version 3.9.12 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/48701 https://www.exploit-db.com/exploits/47699 https://www.exploit-db.com/exploits/48568 https://github.com/cybervaca/CVE-2019-16113 https://github.com/ynots0ups/CVE-2019-16113 https://github.com/0xConstant/CVE-2019-16113 https://github.com/hg8/CVE-2019-16113-PoC https://github.com/mind2hex/CVE-2019-16113 https://github.com/dldygnl/CVE-2019-16113 https://github.com/DXY0411/CVE-2019-16113 https://github.com/Kenun99/CVE-2019& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of an Insecure Direct Object Reference in bl-kernel/admin/controllers/user-password.php (a modified username POST parameter). Bludit before 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of an Insecure Direct Object Reference in bl-kernel/admin/controllers/user-password.php (a modified username POST parameter). • https://github.com/bludit/bludit/commit/a1bb333153fa8ba29a88cfba423d810f509a2b37 https://github.com/bludit/bludit/releases/tag/3.9.1 • CWE-639: Authorization Bypass Through User-Controlled Key