// For flags

CVE-2017-16636

 

Severity Score

5.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.

En Bludit v1.5.2 y v2.0.1, una vulnerabilidad de XSS se localiza en el contexto del mensaje de cuerpo new page, new category y edit post. Los atacantes remotos son capaces de omitir la validación básica del editor para desencadenar Cross-Site Scripting. El XSS es persistente y el método de petición que se debe emplear para inyectar a través del editor es GET. Para guardar el contexto del editor, la petición de método POST de seguimiento debe ser procesada para realizar el ataque mediante el lado de la aplicación. La validación básica del editor no permite la inyección de código script y bloquea el contexto. Los atacantes pueden inyectar el código mediante el uso de un editor de etiquetas que o¡no está reconocido por la validación básica. Esto permitiría que una cuenta de usuario restringida inyecte código script malicioso para realizar un ataque persistente contra cuentas de usuario con mayores privilegios basados en web.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-06 CVE Reserved
  • 2017-11-06 CVE Published
  • 2023-09-16 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://www.vulnerability-lab.com/get_content.php?id=2000 2024-08-05
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Bludit
Search vendor "Bludit"
 Bludit
Search vendor "Bludit" for product "Bludit"
 1.5.2
Search vendor "Bludit" for product "Bludit" and version "1.5.2"
-
Affected
Bludit
Search vendor "Bludit"
 Bludit
Search vendor "Bludit" for product "Bludit"
 2.0.1
Search vendor "Bludit" for product "Bludit" and version "2.0.1"
-
Affected