Known Vulnerabilities for Bludit by Bludit

Listed below are 10 of the newest known vulnerabilities associated with the software "Bludit" by "Bludit".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-35323 | Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | Not Provided | 2021-10-19 | 2021-10-19 |
| CVE-2021-25808 | A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted... | 7.8 - HIGH | 2021-07-23 | 2021-08-02 |
| CVE-2020-20495 | bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter. | 7.8 - HIGH | 2021-09-01 | 2021-09-01 |
| CVE-2020-18879 | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via ... | 7.8 - HIGH | 2021-08-20 | 2021-08-20 |
| CVE-2020-18190 | Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-... | 9.1 - CRITICAL | 2020-10-02 | 2020-10-09 |
| CVE-2020-15026 | Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file downloa... | 4.9 - MEDIUM | 2020-06-24 | 2020-06-30 |
| CVE-2020-15006 | Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | 5.4 - MEDIUM | 2020-06-24 | 2020-07-02 |
| CVE-2020-13889 | showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | 5.4 - MEDIUM | 2020-06-06 | 2020-06-09 |
| CVE-2020-8812 | ** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the ve... | 5.4 - MEDIUM | 2020-02-07 | 2020-02-10 |
| CVE-2020-8811 | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. | 4.3 - MEDIUM | 2020-02-07 | 2020-02-10 |

Known Affected Configurations (CPE V2.3)

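| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bludit | Bludit | 3.9.2 | All | All | All |
| Application | Bludit | Bludit | 3.9.1 | All | All | All |
| Application | Bludit | Bludit | 3.9.0 | All | All | All |
| Application | Bludit | Bludit | 3.8.1 | All | All | All |
| Application | Bludit | Bludit | 3.5.0 | All | All | All |
| Application | Bludit | Bludit | 3.4.0 | - | All | All |
| Application | Bludit | Bludit | 3.4.0 | beta1 | All | All |
| Application | Bludit | Bludit | 3.3.0 | All | All | All |
| Application | Bludit | Bludit | 3.2.0 | All | All | All |
| Application | Bludit | Bludit | 3.12.0 | All | All | All |
| Application | Bludit | Bludit | 3.11.0 | - | All | All |
| Application | Bludit | Bludit | 3.11.0 | a | All | All |
| Application | Bludit | Bludit | 3.10.0 | - | All | All |
| Application | Bludit | Bludit | 3.10.0 | alpha | All | All |
| Application | Bludit | Bludit | 3.1.0 | All | All | All |
| Application | Bludit | Bludit | 3.0.0 | alpha5 | All | All |
| Application | Bludit | Bludit | 3.0.0 | - | All | All |
| Application | Bludit | Bludit | 3.0.0 | alpha1 | All | All |
| Application | Bludit | Bludit | 3.0.0 | alpha2 | All | All |
| Application | Bludit | Bludit | 3.0.0 | alpha3 | All | All |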


© CVE.report 2021

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
