-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security

Vulnerability Details

Registries

Custom Views

Weaknesses

Attack Patterns

Filters & Tools

blesta

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

2

Related CVEs Related Vendors Related Assigners Reports

2Vulnerabilities found

Assigner-MITRE Corporation

Assigner-MITRE Corporation

CVSS Score-4.7||MEDIUM

EPSS-0.01% / 1.00%

||

7 Day CHG-0.02%

Published-03 Feb, 2026 | 19:21

Updated-18 Feb, 2026 | 18:44

Rejected-Not Available

Known To Be Used In Ransomware Campaigns?-Not Available

KEV Added-Not Available

KEV Action Due Date-Not Available

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665.

Action-Not Available

Vendor-phillipsdata Blesta

Product-blesta Blesta

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner-MITRE Corporation

Assigner-MITRE Corporation

CVSS Score-7.1||HIGH

EPSS-0.26% / 48.74%

||

7 Day CHG~0.00%

Published-28 Feb, 2024 | 00:00

Updated-13 May, 2025 | 14:58

Rejected-Not Available

Known To Be Used In Ransomware Campaigns?-Not Available

KEV Added-Not Available

KEV Action Due Date-Not Available

A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code.

Action-Not Available

Vendor-phillipsdata n/a blesta

Product-blesta n/a blesta

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')