Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-27742
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-23 Feb, 2026 | 21:58
Updated At-23 Feb, 2026 | 22:00
Rejected At-
▼CVE Numbering Authority (CNA)
Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript into the content field of a post, which is stored and later rendered to other users without proper output encoding. When viewed, the injected script executes in the context of the victim’s browser, allowing session hijacking, credential theft, content manipulation, or other actions within the user’s privileges.

Affected Products
Vendor
Bludit
Product
Bludit
Repo
https://github.com/bludit/bludit
Default Status
unknown
Versions
Affected
  • From 0 through 3.16.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Catalin Iovita (@catalin-iovita)
finder
Beatriz Fresno Naumova
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/bludit/bludit/issues/1579
issue-tracking
https://www.vulncheck.com/advisories/bludit-stored-xss-in-post-content
third-party-advisory
Hyperlink: https://github.com/bludit/bludit/issues/1579
Resource:
issue-tracking
Hyperlink: https://www.vulncheck.com/advisories/bludit-stored-xss-in-post-content
Resource:
third-party-advisory
Details not found