Filtered by vendor Bludit
Subscriptions
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2020-10-09 | 9.1 Critical |
| Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | ||||
| CVE-2019-12742 | 1 Bludit | 1 Bludit | 2020-08-24 | N/A |
| Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). | ||||
| CVE-2020-15006 | 1 Bludit | 1 Bludit | 2020-07-02 | 5.4 Medium |
| Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | ||||
| CVE-2020-15026 | 1 Bludit | 1 Bludit | 2020-06-30 | 4.9 Medium |
| Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. | ||||
| CVE-2020-13889 | 1 Bludit | 1 Bludit | 2020-06-09 | 5.4 Medium |
| showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | ||||
| CVE-2020-8811 | 1 Bludit | 1 Bludit | 2020-02-10 | 4.3 Medium |
| ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. | ||||
| CVE-2019-16334 | 1 Bludit | 1 Bludit | 2019-09-16 | 4.8 Medium |
| In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | ||||
| CVE-2018-1000811 | 1 Bludit | 1 Bludit | 2019-01-07 | N/A |
| bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. | ||||
| CVE-2018-16313 | 1 Bludit | 1 Bludit | 2018-11-02 | N/A |
| Bludit 2.3.4 allows XSS via a user name. | ||||
| CVE-2017-16636 | 1 Bludit | 1 Bludit | 2017-11-29 | N/A |
| In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts. | ||||