XSS in Bludit
CVE-2026-41456
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execut…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (38.5th percentile)
Affected products
- Bludit: all versions prior to commit 6732ddedda8b73ce0a017a1b6adf685100244e01
Weakness classification (CWE)
References
- gist.github.com/thepiyushkumarshukla/36b213cdb3c7d603e23fd23605cd681e (technical-description, exploit)
- github.com/bludit/bludit/pull/1691 (issue-tracking)
- github.com/bludit/bludit/commit/6732ddedda8b73ce0a017a1b6adf685100244e01 (patch)
- www.vulncheck.com/advisories/bludit-cms-reflected-xss-via-search-plugin (third-party-advisory)