12 matches found
CVE-2020-13889
showAlert in the administration panel in Bludit 3.12.0 allows XSS...
CVE-2020-23765
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...
Bludit cross-site scripting vulnerability (CNVD-2021-22131)
Bludit is a simple, fast and secure flat file CMS. A stored cross-site scripting vulnerability exists in bl-kernel/ajax/logo-upload.php in Bludit 3.12.0. An attacker can exploit this vulnerability to inject arbitrary JavaScript and HTML code...
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...
Directory traversal
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...
CVE-2020-15006
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php...
CVE-2020-15006
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php...
CVE-2020-15006
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php...
CVE-2020-13889
showAlert in the administration panel in Bludit 3.12.0 allows XSS...
Cross site scripting
showAlert in the administration panel in Bludit 3.12.0 allows XSS...