CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. • https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107 https://medium.com/%40cupc4k3/xss-stored-in-friendly-url-field-on-bludit-cms-641a9dd653f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). • https://github.com/r4vanan/CVE-2023-34845 https://github.com/bludit/bludit/issues/1212#issuecomment-649514491 https://github.com/bludit/bludit/issues/1369#issuecomment-940806199 https://github.com/bludit/bludit/issues/1508 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). Bludit CMS version 3.14.1 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/51476 http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html https://github.com/bludit/bludit/issues/1212#issuecomment-649514491 https://github.com/bludit/bludit/issues/1369#issuecomment-940806199 https://github.com/bludit/bludit/issues/1509 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')