Vulnerabilities > Bludit > Bludit > 1.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-06 | CVE-2021-45744 | Cross-site Scripting vulnerability in Bludit A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | 5.4 |
| 2022-01-06 | CVE-2021-45745 | Cross-site Scripting vulnerability in Bludit A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | 5.4 |
| 2019-06-05 | CVE-2019-12742 | Authorization Bypass Through User-Controlled Key vulnerability in Bludit Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. | 8.8 |
| 2019-06-03 | CVE-2019-12548 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | 8.8 |
| 2017-11-06 | CVE-2017-16636 | Cross-site Scripting vulnerability in Bludit 1.5.2/2.0.1 In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. | 5.4 |