Vulnerabilities (CVE)

Filtered by vendor Bludit Subscribe
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-25297 1 Bludit 1 Bludit 2024-11-21 N/A 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.
CVE-2023-34845 1 Bludit 1 Bludit 2024-11-21 N/A 5.4 MEDIUM
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVE-2023-31698 1 Bludit 1 Bludit 2024-11-21 N/A 5.4 MEDIUM
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVE-2023-31572 1 Bludit 1 Bludit 2024-11-21 N/A 8.8 HIGH
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.
CVE-2023-24675 1 Bludit 1 Bludit 2024-11-21 N/A 4.8 MEDIUM
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL.
CVE-2023-24674 1 Bludit 1 Bludit 2024-11-21 N/A 7.8 HIGH
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter.
CVE-2022-1590 1 Bludit 1 Bludit 2024-11-21 3.5 LOW 3.5 LOW
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used.
CVE-2021-45745 1 Bludit 1 Bludit 2024-11-21 3.5 LOW 5.4 MEDIUM
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVE-2021-45744 1 Bludit 1 Bludit 2024-11-21 3.5 LOW 5.4 MEDIUM
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
CVE-2021-35323 1 Bludit 1 Bludit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
CVE-2021-25808 1 Bludit 1 Bludit 2024-11-21 6.8 MEDIUM 7.8 HIGH
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2020-8812 1 Bludit 1 Bludit 2024-11-21 3.5 LOW 5.4 MEDIUM
** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug."
CVE-2020-8811 1 Bludit 1 Bludit 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
CVE-2020-23765 1 Bludit 1 Bludit 2024-11-21 6.5 MEDIUM 7.2 HIGH
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
CVE-2020-20495 1 Bludit 1 Bludit 2024-11-21 5.8 MEDIUM 9.1 CRITICAL
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter.
CVE-2020-20210 1 Bludit 1 Bludit 2024-11-21 N/A 8.8 HIGH
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
CVE-2020-19228 1 Bludit 1 Bludit 2024-11-21 9.0 HIGH 7.2 HIGH
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
CVE-2020-18879 1 Bludit 1 Bludit 2024-11-21 7.5 HIGH 9.8 CRITICAL
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
CVE-2020-18190 1 Bludit 1 Bludit 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
CVE-2020-15026 1 Bludit 1 Bludit 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.