← back
CVE-2023-31698

CVE-2023-31698

EPSS 2.6%
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51476unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.htmlhttps://github.com/bludit/bludit/issues/1212#issuecomment-649514491https://github.com/bludit/bludit/issues/1369#issuecomment-940806199https://github.com/bludit/bludit/issues/1509