CVE-2026-25100

Name of the Vulnerable Software and Affected Versions Bludit versions prior to 3.18.3

Description Bludit is susceptible to Stored Cross-Site Scripting (XSS) through its image upload feature. An authenticated attacker possessing content upload permissions—like Author, Editor, or Administrator—can upload a malicious SVG file. This payload executes when a user accesses the URL of the uploaded file, and the resource is accessible without authentication.

Recommendations Update to version 3.18.3 or later.