
Thatsa9

#26569 of 53,632
9.7 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2020-20297 · CVSS 4.3 · 2020-02-07
Bludit · Bludit · CVE-2020-8811

**Name of the Vulnerable Software and Affected Versions**
Bludit version 3.10.0

**Description**
The issue allows authenticated users to change other users' profile pictures due to a problem in the ajax/profile-picture-upload.php file.

**Recommendations**
For Bludit version 3.10.0, update to a newer version that contains a fix for this issue.

PT-2020-20298 · CVSS 5.4 · 2020-02-07
Bludit · Bludit · CVE-2020-8812

**Name of the Vulnerable Software and Affected Versions**
Bludit version 3.10.0

**Description**
The issue allows users with Editor or Author roles to insert malicious JavaScript into the WYSIWYG editor. The vendor considers this behavior "not a bug".

**Recommendations**
For Bludit version 3.10.0, consider restricting access to the WYSIWYG editor for users with Editor or Author roles until a resolution is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.