VYPR

Bludit

by Bludit

CVEs (46)

  • CVE-2020-13889 (Jun 6, 2020)
    risk 0.00 | cvss | epss 0.01

    showAlert() in the administration panel in Bludit 3.12.0 allows XSS.

  • CVE-2020-8811 (Feb 7, 2020)
    risk 0.00 | cvss | epss 0.01

    ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.

  • CVE-2020-8812 (Feb 7, 2020)
    risk 0.00 | cvss | epss 0.01

    Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug."

  • CVE-2019-16334 (Sep 15, 2019)
    risk 0.00 | cvss | epss 0.01

    In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.

  • CVE-2019-12742 (Jun 5, 2019)
    risk 0.00 | cvss | epss 0.01

    Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of an Insecure Direct Object Reference in bl-kernel/admin/controllers/user-password.php (a modified username POST parameter).

  • CVE-2019-12548 (Jun 3, 2019)
    risk 0.00 | cvss | epss 0.03

    Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a PHP file while changing the logo through /admin/ajax/upload-logo.

Page 3 of 3