CVE-2026-27742

Medium CVSS: 5.1

Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript into the content field of a post, which is stored and later rendered to other users without proper output encoding. When viewed, the injected script executes in the context of the victim’s browser, allowing session hijacking, credential theft, content manipulation, or other actions within the user’s privileges.

Vendor

Bludit

Product

Bludit

CWE

CWE-79

Yayın Tarihi

2026-02-23 22:16:25

Güncelleme

2026-02-26 03:04:02

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Bludit MEDIUM Bludit 2026

Referanslar

https://github.com/bludit/bludit/issues/1579 https://www.vulncheck.com/advisories/bludit-stored-xss-in-post-content

Benzer Kayıtlar

Medium

CVE-2026-25100

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker w…

Medium

CVE-2026-25101

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same aft…

High

CVE-2026-25099

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension wi…

Medium

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /ad…

High

CVE-2023-53907

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logg…