Bludit v3.16.2 XSS Vulnerability: When “Add New Content” Bites Back!

Andrey Stoykov reveals Bludit version 3.16.2’s spicy new feature: a stored XSS vulnerability in the “Add New Content” functionality. An admin login, a few clicks and a little malicious JavaScript, and voila—your site could be hosting more bugs than an entomologist’s dream vacation!


Hot Take:

Looks like Bludit v3.16.2 has been caught with its pants down, thanks to a sneaky stored XSS vulnerability that lets anyone holding an admin account turn a simple content addition into a front-row seat at the JavaScript circus the moment the content is previewed! Watch out, because this is one magic trick that nobody signed up for. Time to patch up and play it safe, Bludit!

Key Points:

– Bludit v3.16.2 has a stored XSS vulnerability in the “Add New Content” functionality.
– The exploit requires access to an admin account to trigger the vulnerability.
– The issue was discovered by security researcher Andrey Stoykov.
– The finding was tested on Debian 12, but any environment running the same Bludit version is expected to be affected.
– The exploit involves injecting JavaScript code, which is executed when content is previewed.

The Nimble Nerd