Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bludit
(Bludit)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 29 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-02-07 | CVE-2020-8812 | Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug. | Bludit | 5.4 | ||
2023-05-17 | CVE-2023-31698 | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | Bludit | 5.4 | ||
2023-06-16 | CVE-2023-34845 | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | Bludit | 5.4 |