Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through...
5.4CVSS
5.3AI Score
0.002EPSS
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a...
5.4CVSS
5.4AI Score
0.001EPSS
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the...
5.4CVSS
5.8AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via...
4.8CVSS
5.3AI Score
0.0004EPSS
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly...
4.8CVSS
6.1AI Score
0.0005EPSS
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin...
7.8CVSS
7.5AI Score
0.0004EPSS
8.8CVSS
8.9AI Score
0.001EPSS
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted...
8.8CVSS
8.5AI Score
0.001EPSS
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary...
7.2CVSS
7AI Score
0.001EPSS
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert(1) leads to cross site scripting. The attack can be initiated...
5.4CVSS
5.1AI Score
0.001EPSS
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login...
5.4CVSS
5.2AI Score
0.001EPSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login...
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in...
6.1CVSS
5.9AI Score
0.002EPSS
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup'...
9.1CVSS
9.2AI Score
0.001EPSS
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component...
9.8CVSS
9.7AI Score
0.01EPSS
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP...
7.8CVSS
7.8AI Score
0.001EPSS
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the...
7.2CVSS
7AI Score
0.001EPSS
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via...
9.1CVSS
9.2AI Score
0.002EPSS
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via...
4.9CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.5AI Score
0.001EPSS
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile...
4.3CVSS
4.5AI Score
0.001EPSS
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP...
9.8CVSS
9.2AI Score
0.096EPSS
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap...
4.8CVSS
4.9AI Score
0.001EPSS
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../...
8.8CVSS
8.8AI Score
0.936EPSS
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST...
8.8CVSS
8.7AI Score
0.001EPSS
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through...
8.8CVSS
8.9AI Score
0.01EPSS
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP...
8.8CVSS
8.7AI Score
0.005EPSS
6.1CVSS
5.9AI Score
0.001EPSS
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via...
5.4CVSS
5AI Score
0.001EPSS