Vulnerabilities > Bludit > Bludit > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-06 | CVE-2021-45744 | Cross-site Scripting vulnerability in Bludit A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | 3.5 |
| 2022-01-06 | CVE-2021-45745 | Cross-site Scripting vulnerability in Bludit A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | 3.5 |
| 2019-06-05 | CVE-2019-12742 | Authorization Bypass Through User-Controlled Key vulnerability in Bludit Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. | 6.5 |
| 2019-06-03 | CVE-2019-12548 | Code Injection vulnerability in Bludit Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | 6.5 |