CVE-2023-24675
https://notcve.org/view.php?id=CVE-2023-24675
01 Sep 2023 — Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. • https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-34845
https://notcve.org/view.php?id=CVE-2023-34845
16 Jun 2023 — Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). • https://github.com/r4vanan/CVE-2023-34845 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-31698 – Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
https://notcve.org/view.php?id=CVE-2023-31698
17 May 2023 — Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). Bludit CMS version 3.14.1 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/51476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •