CVE-2021-45744

MEDIUM

Bludit < 3.13.1 - Stored Cross-Site Scripting via Tags Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-45744. PoCs published by sanupl, plsanu.

AI-analyzed exploit summary This repository provides a detailed technical writeup for CVE-2021-45744, a stored XSS vulnerability in Bludit 3.13.1. It explains the exploitation process via the TAGS field in the admin panel and includes a payload example.

Description

A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.

Exploits (3)

nomisec WRITEUP 1 stars
by sanupl · poc
https://github.com/sanupl/CVE-2021-45744

This repository provides a detailed technical writeup for CVE-2021-45744, a stored XSS vulnerability in Bludit 3.13.1. It explains the exploitation process via the TAGS field in the admin panel and includes a payload example.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Bludit 3.13.1
Auth required
Prerequisites: Admin access to Bludit panel
devstral-2 · analyzed May 19, 2026 Full analysis →
nomisec WRITEUP
by sanupl · poc
https://github.com/sanupl/Bludit-3.13.1-TAGS-Field-Stored-Cross-Site-Scripting-XSS

This repository provides a detailed technical writeup for CVE-2021-45744, a stored XSS vulnerability in Bludit 3.13.1 via the TAGS field. It includes step-by-step exploitation instructions and a payload example.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Bludit 3.13.1
Auth required
Prerequisites: admin access to Bludit panel
devstral-2 · analyzed May 19, 2026 Full analysis →
nomisec WRITEUP
by plsanu · poc
https://github.com/plsanu/Bludit-3.13.1-TAGS-Field-Stored-Cross-Site-Scripting-XSS

This repository contains a writeup detailing a stored XSS vulnerability in Bludit 3.13.1 via the TAGS field. The exploit involves injecting a malicious script into the TAGS section, which is then executed when the post is viewed.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Bludit 3.13.1
Auth required
Prerequisites: Admin access to the Bludit panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.4
EPSS 0.0144
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
bludit/bludit < 3.13.1
Published Jan 06, 2022
Tracked Since Feb 18, 2026