442 matches found
CVE-2026-27742
Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...
CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints
Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...
CVE-2026-27741
Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...
CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints
Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...
CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints
Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...
CVE-2026-27741
Bludit 3.16.1 is affected by a CSRF vulnerability in /admin/uninstall-plugin/ and /admin/install-theme/ due to missing anti-CSRF tokens/origin validation. An attacker could entice an authenticated administrator to perform crafted requests, enabling unauthorized plugin uninstallation or theme inst...
CVE-2026-27742
Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...
CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content
Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...
CVE-2026-27742
Bludit
CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content
Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...
CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content
Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...
Bludit 跨站请求伪造漏洞
Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.1 of Bludit contains a cross-site request forgeing vulnerability. This vulnerability stems from the lack of anti-CSRF tokens on the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints,...
Bludit 跨站脚本漏洞
Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.2 of Bludit contains a cross-site scripting vulnerability. This vulnerability arises from the fact that post content cleaning is only performed on the client side, while equivalent cleaning is n...
CVE-2023-31572
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request...
CVE-2023-31698
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...
Exploit for CVE-2016-16113
Get RCE - Bludit CMS Exploit...
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overlap CVE-2017-16636...
CVE-2019-12742
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference a modified username POST parameter...
CVE-2023-53907
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...
EUVD-2023-60223
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...