NotCVE - vendor:"Bludit" product:"Bludit" version:"3.0.0"

5 results (0.012 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-45745

https://notcve.org/view.php?id=CVE-2021-45745

06 Jan 2022 — A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Bludit versión 3.13.1, por medio del plugin About en el panel de acceso. • https://github.com/plsanu/CVE-2021-45745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-45744

https://notcve.org/view.php?id=CVE-2021-45744

06 Jan 2022 — A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Bludit versión 3.13.1, por medio de la sección TAGS en el panel de acceso. • https://github.com/plsanu/CVE-2021-45744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-12742

https://notcve.org/view.php?id=CVE-2019-12742

05 Jun 2019 — Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). Bludit anterior a 3.9.1 le permite a un usuario sin privilegios cambiar la contraseña de cualquier cuenta, incluido admin. Esto ocurre debido a la Referencia de objeto directo inseguro de bl-kernel / admin / controllers / user-password.php (un parámetro POST de nom... • https://github.com/bludit/bludit/commit/a1bb333153fa8ba29a88cfba423d810f509a2b37 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2019-12548

https://notcve.org/view.php?id=CVE-2019-12548

03 Jun 2019 — Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. Bludit antes de 3.9.0 permite la ejecución remota de código para un usuario identificado cargando un archivo php mientras cambia el logotipo a través de / admin / ajax / upload-logo. • https://github.com/bludit/bludit/commit/d0843a4070c7d7fa596a7eb2130be15383013487 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2

CVE-2018-1000811 – bludit Pages Editor 3.0.0 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2018-1000811

20 Dec 2018 — bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. bludit 3.0.0 contiene una vulnerabilidad de subida de archivos de tipo peligroso sin restricción en la subida de contenidos en el editor de páginas que puede resultar en la ejecución remota de comandos. Este ataque parece ser exp... • https://www.exploit-db.com/exploits/46060 • CWE-434: Unrestricted Upload of File with Dangerous Type •