CVE-2023-31698

Name of the Vulnerable Software and Affected Versions Bludit version 3.14.1

Description The issue is related to Stored Cross Site Scripting (XSS) via an SVG file on the site logo. It's noted that the product's security model trusts users to insert arbitrary content, as they cannot create their own accounts through self-registration.

Recommendations For Bludit version 3.14.1, consider restricting the upload of SVG files for the site logo to minimize the risk of exploitation. As a temporary workaround, avoid using SVG files for the site logo until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.