
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. • https://github.com/bludit/bludit/issues/1079 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in the login panel. • https://github.com/plsanu/CVE-2021-45745 https://github.com/plsanu/Bludit-3.13.1-About-Plugin-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/bludit-3-13-1-about-plugin-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the TAGS section in the login panel. • https://github.com/plsanu/CVE-2021-45744 https://github.com/plsanu/Bludit-3.13.1-TAGS-Field-Stored-Cross-Site-Scripting-XSS https://www.plsanu.com/bludit-3-13-1-tags-field-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 7% | CPEs: 1 | EXPL: 9

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. Bludit version 3.9.2 suffers from an authentication brute-force mitigation bypass vulnerability. • https://github.com/ColdFusionX/CVE-2019-17240-Exploit-Bludit-BF-bypass https://www.exploit-db.com/exploits/48746 https://www.exploit-db.com/exploits/48942 https://github.com/pingport80/CVE-2019-17240 https://github.com/mind2hex/CVE-2019-17240 https://github.com/jayngng/bludit-CVE-2019-17240 https://github.com/triple-octopus/Bludit-CVE-2019-17240-Fork http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html http://packetstormsecurity.com/files& • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. • https://github.com/bludit/bludit/issues/1078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')