CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1590 – Bludit New Content Module new-content cross site scripting
https://notcve.org/view.php?id=CVE-2022-1590
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. • https://github.com/joinia/webray.com.cn/blob/main/Bludit/Bluditreadme.md https://vuldb.com/?id.199060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45745
https://notcve.org/view.php?id=CVE-2021-45745
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Bludit versión 3.13.1, por medio del plugin About en el panel de acceso. • https://github.com/plsanu/CVE-2021-45745 https://github.com/plsanu/Bludit-3.13.1-About-Plugin-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/bludit-3-13-1-about-plugin-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45744
https://notcve.org/view.php?id=CVE-2021-45744
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Bludit versión 3.13.1, por medio de la sección TAGS en el panel de acceso. • https://github.com/plsanu/CVE-2021-45744 https://github.com/plsanu/Bludit-3.13.1-TAGS-Field-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/bludit-3-13-1-tags-field-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2021-35323 – Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-35323
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en bludit versión 3-13-1 por medio del nombre de usuario en admin/login Bludit version 3.13.1 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50529 http://packetstormsecurity.com/files/164990/Bludit-3.13.1-Cross-Site-Scripting.html https://github.com/bludit/bludit/issues/1327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25808
https://notcve.org/view.php?id=CVE-2021-25808
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. Una vulnerabilidad de inyección de código en el archivo backup/plugin.php de Bludit versión 3.13.1, permite a atacantes ejecutar código arbitrario por medio de un archivo ZIP diseñado • https://github.com/bludit/bludit/issues/1298 • CWE-94: Improper Control of Generation of Code ('Code Injection') •