Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Bludit
  • Bludit

Configuration 1 [-]

cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*
References
Link Resource
http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html Exploit Third Party Advisory VDB Entry
https://github.com/bludit/bludit/issues/1212#issuecomment-649514491
https://github.com/bludit/bludit/issues/1369#issuecomment-940806199
https://github.com/bludit/bludit/issues/1509 Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-17T00:00:00

Updated: 2023-12-30T20:56:19.182482

Reserved: 2023-04-29T00:00:00

Link: CVE-2023-31698

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-05-17T13:15:09.463

Modified: 2024-05-17T02:23:59.750

Link: CVE-2023-31698

JSON object: View

cve-icon Redhat Information

No data.

CWE