Lucene search
K

442 matches found

CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Previous versions of Bludit, such as 6732dde, had a cross-site scripting vulnerability. This vulnerability stemmed from the search plugin’s reflective cross-site scripting feature, which allowed...

5.1CVSS5.8AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-34045

Name of the Vulnerable Software and Affected Versions Bludit CMS versions prior to commit 6732dde Description A reflected cross-site scripting issue exists in the search plugin. This allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Malicious...

5.1CVSS5.7AI score0.00379EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2026/04/21 12:0 a.m.118 views

📄 Bludit CMS 3.18.2 Shell Upload

This Metasploit module targets a vulnerability in Bludit CMS version 3.18.2 targeting the API file upload mechanism which allows authenticated users with a valid API token to upload arbitrary files without proper validation. This can result in a shell upload...

8.8CVSS5.9AI score0.01919EPSS
Exploits4
EUVD
EUVD
added 2026/04/07 12:31 p.m.4 views

EUVD-2026-19598

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 10:46 a.m.19 views

CVE-2026-4420 Stored XSS via Page Creating functionality in Bludit

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.1CVSS0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 10:46 a.m.2 views

CVE-2026-4420 Stored XSS via Page Creating functionality in Bludit

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 10:46 a.m.15 views

CVE-2026-4420

Summary: CVE-2026-4420 affects Bludit with a Stored XSS in the “page creating” flow. An authenticated user with page-creation privileges (Author/Editor/Admin) can insert a malicious script into the tags field when creating an article. The payload executes when a victim visits the uploaded resourc...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 10:46 a.m.4 views

CVE-2026-4420

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/07 10:46 a.m.2 views

CVE-2026-4420 Stored XSS via Page Creating functionality in Bludit

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions 3.17.2 and 3.18.0 of Bludit contain cross-site scripting vulnerabilities. These vulnerabilities stem from a storage-based cross-site scripting flaw in the page creation function. This allows...

5.4CVSS5.6AI score0.00161EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/03/30 12:0 a.m.141 views

📄 Bludit CMS Shell Upload

Bludit CMS versions prior to 3.18.4 have an unrestricted API file upload vulnerability that allows for remote code execution. Exploit Title: Bludit CMS . The uploadFile function performs no file extension or content validation, allowing upload of PHP webshells that execute as www-data. The API...

8.8CVSS6.1AI score0.01919EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/03/28 11:40 a.m.194 views

Exploit for CVE-2026-25099

CVE-2026-25099 — Bludit CMS API Unrestricted File Upload to RC...

8.7CVSS5.9AI score0.01919EPSS
Exploits4
EUVD
EUVD
added 2026/03/27 12:31 p.m.6 views

EUVD-2026-16577

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4...

8.7CVSS5.9AI score0.01919EPSS
Exploits4References3
EUVD
EUVD
added 2026/03/27 12:31 p.m.5 views

EUVD-2026-16579

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

8.7CVSS5.8AI score0.01919EPSS
Exploits4References3
EUVD
EUVD
added 2026/03/27 12:31 p.m.4 views

EUVD-2026-16581

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

8.7CVSS5.8AI score0.01919EPSS
Exploits4References3
NVD
NVD
added 2026/03/27 12:16 p.m.6 views

CVE-2026-25100

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

5.4CVSS0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/03/27 12:16 p.m.5 views

CVE-2026-25101

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

9.8CVSS0.00356EPSS
Exploits4References2
NVD
NVD
added 2026/03/27 12:16 p.m.2 views

CVE-2026-25099

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4...

8.8CVSS0.01919EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2026/03/27 11:55 a.m.3 views

CVE-2026-25099 Remote Code Execution via Unrestricted File Upload in Bludit

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4...

8.7CVSS5.9AI score0.01919EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 11:55 a.m.1 views

CVE-2026-25099

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4...

8.7CVSS5.9AI score0.01919EPSS
Exploits4References3
Rows per page
Query Builder