CVE-2026-41456

Source
https://cve.org/CVERecord?id=CVE-2026-41456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41456
Published
2026-04-21T18:03:00.332Z
Modified
2026-07-16T03:31:09.534438734Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
Bludit CMS Reflected XSS via Search Plugin
Details

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafted URLs containing the payload, potentially stealing session cookies or performing actions on behalf of affected users.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41456.json"
}
References

Affected packages

Git / github.com/bludit/bludit

Affected ranges

Type
GIT
Repo
https://github.com/bludit/bludit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.20"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41456.json"