Vulnerabilities > Bludit > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-06 | CVE-2020-13889 | Cross-site Scripting vulnerability in Bludit 3.12.0 showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | 5.4 |
| 2020-02-07 | CVE-2020-8812 | Cross-site Scripting vulnerability in Bludit 3.10.0 Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. | 5.4 |
| 2020-02-07 | CVE-2020-8811 | Missing Authorization vulnerability in Bludit 3.10.0 ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. | 4.3 |
| 2019-09-15 | CVE-2019-16334 | Cross-site Scripting vulnerability in Bludit 3.9.2 In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. | 4.8 |
| 2018-09-01 | CVE-2018-16313 | Cross-site Scripting vulnerability in Bludit 2.3.4 Bludit 2.3.4 allows XSS via a user name. | 6.1 |
| 2017-11-06 | CVE-2017-16636 | Cross-site Scripting vulnerability in Bludit 1.5.2/2.0.1 In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. | 5.4 |