Description
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
Published: 2023-06-16
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

No history.

Subscriptions

Bludit Bludit
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-02T16:17:04.231Z

Reserved: 2023-06-07T00:00:00.000Z

Link: CVE-2023-34845

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-16T04:15:14.143

Modified: 2024-11-21T08:07:37.987

Link: CVE-2023-34845

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses