Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bludit vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method t...
Bludit Bludit 1.5.2
Bludit Bludit 2.0.1
6.5
CVSSv2
CVE-2019-12742
Bludit before 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
Bludit Bludit
3.5
CVSSv2
CVE-2021-45744
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
Bludit Bludit
2 Github repositories
6.5
CVSSv2
CVE-2019-12548
Bludit prior to 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
Bludit Bludit
3.5
CVSSv2
CVE-2021-45745
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
Bludit Bludit
2 Github repositories
3.5
CVSSv2
CVE-2020-13889
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
Bludit Bludit 3.12.0
3 Github repositories
NA
CVE-2020-20210
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
Bludit Bludit 3.9.2
3.5
CVSSv2
CVE-2020-15006
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
Bludit Bludit 3.12.0
3.5
CVSSv2
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
Bludit Bludit 3.9.2
5.8
CVSSv2
CVE-2020-20495
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter.
Bludit Bludit 3.13.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »