CVE-2023-31698

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
Configurations

Configuration 1 (hide)

cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:02

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
References () https://github.com/bludit/bludit/issues/1212#issuecomment-649514491 - () https://github.com/bludit/bludit/issues/1212#issuecomment-649514491 -
References () https://github.com/bludit/bludit/issues/1369#issuecomment-940806199 - () https://github.com/bludit/bludit/issues/1369#issuecomment-940806199 -
References () https://github.com/bludit/bludit/issues/1509 - Exploit () https://github.com/bludit/bludit/issues/1509 - Exploit

30 Dec 2023, 21:15

Type Values Removed Values Added
References
  • () https://github.com/bludit/bludit/issues/1212#issuecomment-649514491 -
  • () https://github.com/bludit/bludit/issues/1369#issuecomment-940806199 -
Summary Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).

25 May 2023, 15:41

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*
References (MISC) https://github.com/bludit/bludit/issues/1509 - (MISC) https://github.com/bludit/bludit/issues/1509 - Exploit
References (MISC) http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html - (MISC) http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

19 May 2023, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html -

17 May 2023, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-17 13:15

Updated : 2024-11-21 08:02


NVD link : CVE-2023-31698

Mitre link : CVE-2023-31698

CVE.ORG link : CVE-2023-31698


JSON object : View

Products Affected

bludit

  • bludit
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')