PT-2020-13754 · Bludit · Bludit
Gh0St56 · Published 2020-06-06 · Updated 2020-06-09
CVE-2020-13889
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Bludit version 3.12.0
Description
The issue concerns the showAlert() function in the administration panel, which allows for cross-site scripting (XSS). This means an attacker could potentially inject malicious scripts into the website.
Recommendations
For Bludit version 3.12.0, consider disabling the showAlert() function in the administration panel as a temporary workaround until a patch is available. Restrict access to the administration panel to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Bludit