CVE-2023-34845

MEDIUM

Bludit 3.14.1 - Arbitrary File Upload via SVG File in /admin/new-content

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34845. PoCs published by r4vanan.

AI-analyzed exploit summary This repository provides a detailed writeup and steps to reproduce a stored XSS vulnerability (CVE-2023-34845) in an unspecified web application. The attack involves uploading a malicious SVG file via the admin panel, which executes arbitrary JavaScript in the user's context.

Description

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).

Exploits (1)

nomisec WRITEUP 1 stars
by r4vanan · poc
https://github.com/r4vanan/CVE-2023-34845

This repository provides a detailed writeup and steps to reproduce a stored XSS vulnerability (CVE-2023-34845) in an unspecified web application. The attack involves uploading a malicious SVG file via the admin panel, which executes arbitrary JavaScript in the user's context.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: unspecified web application (admin panel at /admin/new-content)
Auth required
Prerequisites: Valid credentials for the admin panel · Ability to upload files (SVG) via the image upload functionality
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 5.4
EPSS 0.0080
EPSS Percentile 52.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-434
Status published
Products (1)
bludit/bludit 3.14.1
Published Jun 16, 2023
Tracked Since Feb 18, 2026