CVE-2026-41456
Published: Apr 21, 2026
Modified: May 14, 2026
PUBLISHED
Description
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafted URLs containing the payload, potentially stealing session cookies or performing actions on behalf of affected users.
| Vendor | Product | Versions |
|---|---|---|
| bludit | bludit | affected 0 - <= 3.20; unaffected 6732ddedda8b73ce0a017a1b6adf685100244e01 |
Weaknesses (CWE)
References
https://gist.github.com/thepiyushkumarshukla/36b213cdb3c7d603e23fd23605cd681e (technical-description, exploit)
https://github.com/bludit/bludit/pull/1691 (issue-tracking)
https://www.vulncheck.com/advisories/bludit-cms-reflected-xss-via-search-plugin (third-party-advisory)