Bludit Security Vulnerabilities
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVSS Score: 5.4 | EPSS Score: 0.027 | Published: 2022-01-06
A Cross Site Scripting (XSS) vulnerability exists in Bludit 3-13-1 via the username in admin/login.
CVSS Score: 6.1 | EPSS Score: 0.03 | Published: 2021-10-19
Bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter.
CVSS Score: 9.1 | EPSS Score: 0.006 | Published: 2021-09-01
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
CVSS Score: 9.8 | EPSS Score: 0.094 | Published: 2021-08-20
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2021-07-23
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights, they will be able to use unsafe plugins to upload a backup file and control the server.
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2021-05-21
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
CVSS Score: 9.1 | EPSS Score: 0.033 | Published: 2020-10-02
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
CVSS Score: 4.9 | EPSS Score: 0.005 | Published: 2020-06-24
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-06-24
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.017 | Published: 2020-06-06

