Vulnerabilities > Bludit > Bludit > 3.12.0

DATE CVE VULNERABILITY TITLE RISK
2022-01-06 CVE-2021-45744 Cross-site Scripting vulnerability in Bludit
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
network
bludit CWE-79
3.5
3.5
2022-01-06 CVE-2021-45745 Cross-site Scripting vulnerability in Bludit
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
network
bludit CWE-79
3.5
3.5
2021-05-21 CVE-2020-23765 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.12.0
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0.
network
low complexity
bludit CWE-434
6.5
6.5
2020-06-24 CVE-2020-15026 Path Traversal vulnerability in Bludit 3.12.0
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
network
low complexity
bludit CWE-22
4.0
4.0
2020-06-24 CVE-2020-15006 Cross-site Scripting vulnerability in Bludit 3.12.0
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
network
bludit CWE-79
3.5
3.5
2020-06-06 CVE-2020-13889 Cross-site Scripting vulnerability in Bludit 3.12.0
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
network
bludit CWE-79
3.5
3.5