{"id":"CVE-2023-31698","details":"Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).","modified":"2026-07-08T07:34:22.459179534Z","published":"2023-05-17T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31698.json","cna_assigner":"mitre","isDisputed":true},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31698.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31698"},{"type":"REPORT","url":"https://github.com/bludit/bludit/issues/1212#issuecomment-649514491"},{"type":"REPORT","url":"https://github.com/bludit/bludit/issues/1369#issuecomment-940806199"},{"type":"REPORT","url":"https://github.com/bludit/bludit/issues/1509"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bludit/bludit","events":[{"introduced":"e5a7735360c1bfe62b38cb02881b07952ddf2211"},{"last_affected":"e5a7735360c1bfe62b38cb02881b07952ddf2211"}],"database_specific":{"source":"CPE_STRING","extracted_events":[{"introduced":"3.14.1"},{"last_affected":"3.14.1"}],"cpe":"cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*"}}],"versions":["3.14.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31698.json"}}],"schema_version":"1.7.5"}