3 matches found
CVE-2020-8812
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
Code injection
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
CVE-2020-8811
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures...