Description

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafted URLs containing the payload, potentially stealing session cookies or performing actions on behalf of affected users.

INFO

Published Date :

2026-04-21T18:03:00.332Z

Last Modified :

2026-04-21T18:46:34.003Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41456 vulnerability.

Vendors Products
Bludit
  • Bludit
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41456.

URL Resource
https://gist.github.com/thepiyushkumarshukla/36b213cdb3c7d603e23fd23605cd681e cve-icon cve-icon
https://github.com/bludit/bludit/commit/6732ddedda8b73ce0a017a1b6adf685100244e01 cve-icon cve-icon
https://github.com/bludit/bludit/pull/1691 cve-icon cve-icon
https://www.vulncheck.com/advisories/bludit-cms-reflected-xss-via-search-plugin cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability