Lucene search

[email protected]CVE-2023-31698

HistoryMay 17, 2023 - 1:15 p.m.

CVE-2023-31698

2023-05-1713:15:09

CWE-79

[email protected]

web.nvd.nist.gov

bludit

v3.14.1

xss

vulnerability

svg

site logo

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

51.6%

JSON

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product’s security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).

Affected configurations

NVD

Node

bluditbluditMatch3.14.1

CPENameOperatorVersion
bludit:bluditbluditeq3.14.1

CPE	Name	Operator	Version
bludit:bludit	bludit	eq	3.14.1

References

packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html

github.com/bludit/bludit/issues/1212#issuecomment-649514491

github.com/bludit/bludit/issues/1369#issuecomment-940806199

github.com/bludit/bludit/issues/1509