Bludit Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Bludit versions 3.17.2 and 3.18.0. This issue allows authenticated attackers with page creation privileges to inject malicious JavaScript into the tags field of new articles. The injected script executes when a victim accesses the URL of the resource, which is publicly available without authentication. Notably, this vulnerability could be exploited to create a new site administrator if the victim holds sufficient privileges.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user visiting the affected page. Additionally, it could be used to escalate privileges by creating a new site administrator, depending on the victim's rights.

Added: Apr 7, 2026, 12:03 PM
Updated: Apr 7, 2026, 12:03 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 3.5
exploitability: 5.8
remediation: 0.0
relevance: 5.4
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.