PT-2026-34045 · Bludit · Bludit

Published: 2026-04-21 · Updated: 2026-04-21 · CVE-2026-41456

CVSS v4.0: 5.1 (Medium)

AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Bludit CMS versions prior to commit 6732dde

Description

A reflected cross-site scripting issue exists in the search plugin. This allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Malicious scripts can be executed in the browsers of users who visit crafted URLs containing the payload, which may lead to the theft of session cookies or actions performed on behalf of the affected users.

Recommendations

Update to the version containing commit 6732dde.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-41456

Affected Products

Bludit