Stored XSS Vulnerability in Bludit Product by Bludit
CVE-2020-15006

5.4MEDIUM

Key Information:

Vendor: Bludit
Status: Bludit
Vendor: CVE Published:; 24 June 2020

What is CVE-2020-15006?

Bludit version 3.12.0 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability that occurs when an attacker inputs JavaScript code through an SVG document into the bl-kernel/ajax/logo-upload.php endpoint. This flaw could allow unauthorized users to execute malicious scripts in the context of a user’s session, leading to potential data theft or unauthorized actions that compromise user security.

References

https://github.com/bludit/bludit/issues/1212

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2020
Vulnerability Reserved
Jun 24, 2020

JSON