Vulnerabilities > Bludit

DATE CVE VULNERABILITY TITLE RISK
2020-02-07 CVE-2020-8812 Cross-site Scripting vulnerability in Bludit 3.10.0
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor.
network
low complexity
bludit CWE-79
5.4
2020-02-07 CVE-2020-8811 Missing Authorization vulnerability in Bludit 3.10.0
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
network
low complexity
bludit CWE-862
4.3
2019-10-06 CVE-2019-17240 Improper Restriction of Excessive Authentication Attempts vulnerability in Bludit 3.9.2
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
network
low complexity
bludit CWE-307
critical
9.8
2019-09-15 CVE-2019-16334 Cross-site Scripting vulnerability in Bludit 3.9.2
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field.
network
low complexity
bludit CWE-79
4.8
2019-09-08 CVE-2019-16113 Path Traversal vulnerability in Bludit 3.9.2
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
network
low complexity
bludit CWE-22
8.8
2019-06-05 CVE-2019-12742 Authorization Bypass Through User-Controlled Key vulnerability in Bludit
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin.
network
low complexity
bludit CWE-639
8.8
2019-06-03 CVE-2019-12548 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
network
low complexity
bludit CWE-434
8.8
2018-12-20 CVE-2018-1000811 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.0.0
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution.
network
low complexity
bludit CWE-434
8.8
2018-09-01 CVE-2018-16313 Cross-site Scripting vulnerability in Bludit 2.3.4
Bludit 2.3.4 allows XSS via a user name.
network
low complexity
bludit CWE-79
6.1
2017-11-06 CVE-2017-16636 Cross-site Scripting vulnerability in Bludit 1.5.2/2.0.1
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context.
network
low complexity
bludit CWE-79
5.4