Vulnerabilities > Bludit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-17 | CVE-2024-25297 | Cross-site Scripting vulnerability in Bludit 3.15.0 Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | 4.8 |
| 2023-09-01 | CVE-2023-24674 | Missing Authorization vulnerability in Bludit 4.0.0 Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. | 7.8 |
| 2023-09-01 | CVE-2023-24675 | Cross-site Scripting vulnerability in Bludit 3.14.1 Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. | 4.8 |
| 2023-06-26 | CVE-2020-20210 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.9.2 Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. | 8.8 |
| 2023-06-16 | CVE-2023-34845 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.14.1 Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. | 5.4 |
| 2023-05-17 | CVE-2023-31698 | Cross-site Scripting vulnerability in Bludit 3.14.1 Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. | 5.4 |
| 2023-05-16 | CVE-2023-31572 | Unspecified vulnerability in Bludit 4.0.0 An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. | 8.8 |
| 2022-05-11 | CVE-2020-19228 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.13.0 An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | 7.2 |
| 2022-05-05 | CVE-2022-1590 | Cross-site Scripting vulnerability in Bludit 3.13.1 A vulnerability was found in Bludit 3.13.1. | 5.4 |
| 2022-01-06 | CVE-2021-45744 | Cross-site Scripting vulnerability in Bludit A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | 5.4 |