) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:bludit:bludit:3.0.0:rc3:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-45745 |
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. Published: January 06, 2022; 11:15:08 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2021-45744 |
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. Published: January 06, 2022; 11:15:08 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-12742 |
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). Published: June 05, 2019; 12:29:01 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12548 |
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. Published: June 03, 2019; 5:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-1000811 |
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. Published: December 20, 2018; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |