A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
CVSS Score
5.4
EPSS Score
0.03
Published
2022-01-06
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVSS Score
5.4
EPSS Score
0.027
Published
2022-01-06
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
CVSS Score
4.3
EPSS Score
0.004
Published
2020-02-07
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-07