Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bludit
(Bludit)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-17 | CVE-2024-25297 | Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | Bludit | 4.8 | ||
| 2020-02-07 | CVE-2020-8812 | Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug. | Bludit | 5.4 | ||
| 2023-05-17 | CVE-2023-31698 | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | Bludit | 5.4 | ||
| 2023-06-16 | CVE-2023-34845 | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | Bludit | 5.4 | ||
| 2023-09-01 | CVE-2023-24674 | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. | Bludit | 7.8 | ||
| 2023-09-01 | CVE-2023-24675 | Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. | Bludit | 4.8 | ||
| 2023-06-26 | CVE-2020-20210 | Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. | Bludit | 8.8 | ||
| 2023-05-16 | CVE-2023-31572 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. | Bludit | 8.8 | ||
| 2022-05-11 | CVE-2020-19228 | An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | Bludit | 7.2 | ||
| 2022-05-05 | CVE-2022-1590 | A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used. | Bludit | 5.4 |