Bludit Security Vulnerabilities and Issues — Bludit CVE List

Lucene search

BluditBludit

6 matches found

CVE•added 2020/02/07 11:15 p.m.•147 views

CVE-2020-8812

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug.

5.4CVSS5.4AI score0.0027EPSS

CVE•added 2020/02/07 11:15 p.m.•146 views

CVE-2020-8811

ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.

4.3CVSS4.5AI score0.00354EPSS

CVE•added 2020/06/06 8:15 p.m.•89 views

CVE-2020-13889

showAlert() in the administration panel in Bludit 3.12.0 allows XSS.

5.4CVSS5.5AI score0.01693EPSS

CVE•added 2020/06/24 11:15 a.m.•45 views

CVE-2020-15006

Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.

5.4CVSS5.2AI score0.00191EPSS

CVE•added 2020/06/24 7:15 p.m.•41 views

CVE-2020-15026

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.

4.9CVSS5.2AI score0.00489EPSS

Web

CVE•added 2020/10/02 2:15 p.m.•33 views

CVE-2020-18190

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.

9.1CVSS9.2AI score0.03325EPSS