CVE-2026-41456

CVE-2026-41456CVE-2026-41456

Description

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafted URLs containing the payload, potentially stealing session cookies or performing actions on behalf of affected users.

Scoring

Last modified2026-07-14
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.