
CVE-2023-34845

Published: 16/06/2023 Updated: 17/05/2024
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

Bludit v3.14.1 contains an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows malicious users to execute arbitrary web scripts or HTML by uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).

Vulnerable Product

bludit bludit 3.14.1

GitHub Repositories

Vulnerability POC for CVE-2023-34845

I found a cross-site scripting attack on the new content creating page localhost:800/admin/new-content. It will execute the script in user context, allowing the attacker to access any cookies or session tokens retained by the browser. Stored XSS, also known as persistent XSS, is more damaging than non-p