CVE-2026-27742

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-27742

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27742.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-27742

Published

2026-02-23T22:16:25.440Z

Modified

2026-02-28T05:08:39.368408Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript into the content field of a post, which is stored and later rendered to other users without proper output encoding. When viewed, the injected script executes in the context of the victim’s browser, allowing session hijacking, credential theft, content manipulation, or other actions within the user’s privileges.

References

Affected packages

Git / github.com/bludit/bludit

Affected ranges

Type: GIT
Repo: https://github.com/bludit/bludit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3c02c864989aad0f3065faf296f99baeb1dc16ad

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27742.json"