CVE-2020-15006

Name of the Vulnerable Software and Affected Versions Bludit version 3.12.0

Description The issue allows stored XSS via JavaScript code in an SVG document to the "bl-kernel/ajax/logo-upload.php" API endpoint. This enables potential attackers to inject malicious scripts into the application.

Recommendations For Bludit version 3.12.0, as a temporary workaround, consider restricting access to the "bl-kernel/ajax/logo-upload.php" API endpoint until a patch is available. Avoid using this endpoint with SVG documents containing JavaScript code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.