Vulnerabilities > Bludit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-06 | CVE-2021-45745 | Cross-site Scripting vulnerability in Bludit A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | 5.4 |
| 2021-10-19 | CVE-2021-35323 | Cross-site Scripting vulnerability in Bludit 3.13.1 Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | 6.1 |
| 2021-09-01 | CVE-2020-20495 | Unspecified vulnerability in Bludit 3.13.0 bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. | 9.1 |
| 2021-08-20 | CVE-2020-18879 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.8.1 Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | 9.8 |
| 2021-07-23 | CVE-2021-25808 | Code Injection vulnerability in Bludit 3.13.1 A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | 7.8 |
| 2021-05-21 | CVE-2020-23765 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.12.0 A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. | 7.2 |
| 2020-10-02 | CVE-2020-18190 | Path Traversal vulnerability in Bludit 3.8.1 Bludit v3.8.1 is affected by directory traversal. | 9.1 |
| 2020-06-24 | CVE-2020-15026 | Path Traversal vulnerability in Bludit 3.12.0 Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. | 4.9 |
| 2020-06-24 | CVE-2020-15006 | Cross-site Scripting vulnerability in Bludit 3.12.0 Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | 5.4 |
| 2020-06-06 | CVE-2020-13889 | Cross-site Scripting vulnerability in Bludit 3.12.0 showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | 5.4 |