CVE-2020-8812: XSS
First published: Fri Feb 07 2020(Updated: )
** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bludit | =3.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8812?
CVE-2020-8812 is a vulnerability in Bludit 3.10.0 that allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor.
How severe is CVE-2020-8812?
CVE-2020-8812 has a severity rating of 5.4, which is considered medium.
What software versions are affected by CVE-2020-8812?
CVE-2020-8812 affects Bludit version 3.10.0.
How can Editor or Author roles insert malicious JavaScript on the WYSIWYG editor in Bludit 3.10.0?
Editor or Author roles can insert malicious JavaScript on the WYSIWYG editor in Bludit 3.10.0, allowing them to potentially execute harmful actions.
Is CVE-2020-8812 considered a bug by the vendor?
The vendor disputes that CVE-2020-8812 is a bug.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/status
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bludit
- canonical/bludit
- version/bludit/3.10.0
- status/disputed