CVE-2023-31698 - OpenCVE

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Bludit	Bludit

Configuration 1 [-]

cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html
https://github.com/bludit/bludit/issues/1212#issuecomment-649514491
https://github.com/bludit/bludit/issues/1369#issuecomment-940806199
https://github.com/bludit/bludit/issues/1509

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-17T00:00:00

Updated: 2024-08-02T14:56:35.256Z

Reserved: 2023-04-29T00:00:00

Link: CVE-2023-31698

Vulnrichment

Updated: 2024-05-23T19:57:35.796Z

NVD

Status : Modified

Published: 2023-05-17T13:15:09.463

Modified: 2024-08-02T15:16:12.200

Link: CVE-2023-31698

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object