Bludit
cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*
- <= 3.18.2
A stored cross-site scripting vulnerability has been identified in Bludit's image upload feature. This issue affects all versions of Bludit up to and including 3.18.2. Authenticated attackers with content upload privileges, such as Authors, Editors, or Administrators, can exploit this vulnerability by uploading SVG files containing malicious JavaScript. The malicious payload is executed when a victim accesses the URL of the uploaded resource, which is available without authentication.
Exploitation of this vulnerability allows for stored cross-site scripting, where uploaded malicious scripts are executed in the context of the user viewing the resource.
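One way to screen uploaded SVG files for the kind of active content described above, as an added example (not Bludit's code and not the vendor's fix). The function name, the blocked-element list, and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: elements treated as active content for an upload filter.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

# Constructed sample inputs (inert bodies), not taken from the advisory.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><circle cx="5" cy="5" r="4"/></svg>'
WITH_SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* constructed sample */</script></svg>'
WITH_HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0"/>'
WITH_LINK = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
             b'<a xlink:href=" JavaScript:void 0"><text>x</text></a></svg>')

def local(name):
    """Strip an XML namespace prefix: '{ns}script' -> 'script' (lowercased)."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes):
    """Return reasons to reject an uploaded SVG; an empty list means none found."""
    # Refuse entity declarations before parsing (conservative choice).
    if b"<!ENTITY" in data:
        return ["entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            # Event-handler attributes such as onload or onclick.
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            # Browsers ignore whitespace and case in the URL scheme.
            if "javascript:" in "".join(value.split()).lower():
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("script", WITH_SCRIPT),
                       ("handler", WITH_HANDLER), ("link", WITH_LINK)]:
        print(label, svg_findings(doc))
```

A filter like this is a deny-list and only one layer; files it rejects should not be stored under a publicly reachable URL.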