Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2020-8812

Disclosure Date: February 07, 2020 (last updated February 21, 2025)
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-8811

Disclosure Date: February 07, 2020 (last updated February 21, 2025)
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0