CVE-2026-27742

Name of the Vulnerable Software and Affected Versions Bludit version 3.16.2

Description The application does not properly sanitize content input on the server side, despite client-side sanitation. An authenticated user can inject JavaScript into the post content field. This injected script executes in the context of a victim’s browser when the content is rendered, potentially allowing session hijacking, credential theft, or content manipulation. The vulnerability exists in the post content functionality.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider carefully reviewing and sanitizing all user-submitted content before publishing it.