CVE-2026-27742— Bludit <= 3.16.2 Stored XSS in Post Content

Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript into the content field of a post, which is stored and later rendered to other users without proper output encoding. When viewed, the injected script executes in the context of the victim’s browser, allowing session hijacking, credential theft, content manipulation, or other actions within the user’s privileges.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Bludit 跨站脚本漏洞

Bludit是Bludit开源的一套开源的轻量级博客内容管理系统（CMS）。 Bludit 3.16.2版本存在跨站脚本漏洞，该漏洞源于帖子内容功能仅进行客户端清理，服务器端未执行等效清理，可能导致存储型跨站脚本攻击。

N/A

N/A