CVE Catalog

CVE-2026-41456

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafted URLs containing the payload, potentially stealing session cookies or performing actions on behalf of affected users.

Risk Assessment

The risk for the organization includes the possibility of session theft and unauthorized actions performed on behalf of users, potentially leading to data confidentiality breaches and system integrity compromise.

Recommendation

It is recommended to immediately update Bludit CMS to a version containing commit 6732dde or later, and to implement input validation and encoding in the search plugin.

Original NVD description (English source)

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafted URLs containing the payload, potentially stealing session cookies or performing actions on behalf of affected users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS