XSS in Bludit
CVE-2026-25100
Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges (such as Author, Editor, or Administrator) can upload an SVG file containing a malicious…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (6.0th percentile)
Affected products
- Bludit — versions 0
Weakness classification (CWE)
References
- cert.pl/posts/2026/03/CVE-2026-25099 (third-party-advisory)
- github.com/bludit/bludit/releases/tag/3.18.2 (release-notes)