Lucene search
+L

442 matches found

redhatcve
redhatcve
added 2026/02/24 10:25 p.m.8 views

CVE-2026-27742

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.4CVSS5.3AI score0.00139EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/02/23 10:1 p.m.4 views

CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints

Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

5.1CVSS5.6AI score0.00143EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/02/23 10:1 p.m.7 views

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

5.1CVSS5.6AI score0.00143EPSS
Exploits1References3
osv
osv
added 2026/02/23 10:1 p.m.6 views

CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints

Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

5.1CVSS6.1AI score0.00143EPSS
Exploits1References5
cvelist
cvelist
added 2026/02/23 10:1 p.m.24 views

CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints

Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

5.1CVSS0.00143EPSS
Exploits1References2
cve
cve
added 2026/02/23 10:1 p.m.16 views

CVE-2026-27741

Bludit 3.16.1 is affected by a CSRF vulnerability in /admin/uninstall-plugin/ and /admin/install-theme/ due to missing anti-CSRF tokens/origin validation. An attacker could entice an authenticated administrator to perform crafted requests, enabling unauthorized plugin uninstallation or theme inst...

5.1CVSS5.6AI score0.00143EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/02/23 9:58 p.m.6 views

CVE-2026-27742

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.4CVSS5.3AI score0.00139EPSS
Exploits1References3
cvelist
cvelist
added 2026/02/23 9:58 p.m.35 views

CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.4CVSS0.00139EPSS
Exploits1References2
cve
cve
added 2026/02/23 9:58 p.m.15 views

CVE-2026-27742

Bludit

5.4CVSS5.3AI score0.00139EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/02/23 9:58 p.m.10 views

CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.1CVSS6AI score0.00139EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/02/23 9:58 p.m.3 views

CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.4CVSS5.3AI score0.00139EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/02/23 12:0 a.m.11 views

Bludit 跨站请求伪造漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.1 of Bludit contains a cross-site request forgeing vulnerability. This vulnerability stems from the lack of anti-CSRF tokens on the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints,...

5.1CVSS5.7AI score0.00143EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/02/23 12:0 a.m.13 views

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.2 of Bludit contains a cross-site scripting vulnerability. This vulnerability arises from the fact that post content cleaning is only performed on the client side, while equivalent cleaning is n...

5.4CVSS5.7AI score0.00139EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/01/09 12:33 p.m.6 views

CVE-2023-31572

An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request...

8.8CVSS7.2AI score0.00844EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 12:32 p.m.8 views

CVE-2023-31698

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...

5.4CVSS5.9AI score0.02586EPSS
Exploits4References1
githubexploit
githubexploit
added 2026/01/07 6:57 p.m.186 views

Exploit for CVE-2016-16113

Get RCE - Bludit CMS Exploit...

9.8CVSS8.8AI score0.77962EPSS
Exploits24
redhatcve
redhatcve
added 2026/01/07 9:32 a.m.10 views

CVE-2019-16334

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overlap CVE-2017-16636...

5.4CVSS5.9AI score0.00677EPSS
Exploits4References1
redhatcve
redhatcve
added 2026/01/07 9:26 a.m.10 views

CVE-2019-12742

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference a modified username POST parameter...

8.8CVSS7AI score0.01304EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/18 11:36 p.m.5 views

CVE-2023-53907

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

7.1CVSS6.7AI score0.00683EPSS
Exploits1References1
euvd
euvd
added 2025/12/18 12:34 a.m.4 views

EUVD-2023-60223

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

7.1CVSS6.2AI score0.00683EPSS
Exploits1References4
Rows per page
Query Builder