PT-2024-20868 · Unknown · Bludit CMS
Ming-Hung +1 · Published 2024-02-16 · Updated 2024-07-03 · CVE-2024-25297
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Bludit CMS version 3.15
Description
A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary code and obtain sensitive information via the "edit-content.php" endpoint. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.
Recommendations
For Bludit CMS version 3.15, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "edit-content.php" endpoint until a patch is available. Avoid using this endpoint in a way that could allow arbitrary code execution until the issue is resolved.
Exploit · Fix · RCE · XSS
Affected Products
Bludit CMS