Vulmon
bludit bludit vulnerabilities and exploits
312
VMScore
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method t...
Bludit Bludit 1.5.2
Bludit Bludit 2.0.1
312
VMScore
CVE-2021-45745
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
Bludit Bludit
2 Github repositories
312
VMScore
CVE-2021-45744
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
Bludit Bludit
2 Github repositories
578
VMScore
CVE-2019-12742
Bludit before 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
Bludit Bludit
578
VMScore
CVE-2019-12548
Bludit prior to 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
Bludit Bludit
801
VMScore
CVE-2020-19228
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows malicious users to upload arbitrary files.
Bludit Bludit 3.13.0
383
VMScore
CVE-2018-16313
Bludit 2.3.4 allows XSS via a user name.
Bludit Bludit 2.3.4
NA
CVE-2023-31698
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
Bludit Bludit 3.14.1
668
VMScore
CVE-2020-18879
Unrestricted File Upload in Bludit v3.8.1 allows remote malicious users to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
Bludit Bludit 3.8.1
389
VMScore
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows malicious users to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Bludit Bludit 3.9.2
20 Github repositories