Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.13 views

PT-2026-47278

Name of the Vulnerable Software and Affected Versions Bolt CMS versions prior to 3.7.6 Description An issue exists in the HTML Attribute Handler component within the file src/Storage/Field/Type/TextType.php. A remote attacker can perform HTML injection by manipulating the style argument. This...

5.1CVSS5.5AI score0.00191EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS5.7AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:0 a.m.10 views

EUVD-2026-33350

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/10/01 11:11 p.m.7 views

Bolt before 3.6.10 has XSS via an image's alt or title field.

...

6.1CVSS7AI score0.00861EPSS
Exploits0
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.5 views

Bolt CMS 跨站脚本漏洞

Bolt CMS is Bolt CMS open source PHP-based open source content management system . A cross-site scripting vulnerability exists in Bolt CMS version 3.7.1, which stems from the parameter textarea in the file /bolt/editcontent/showcases that causes cross-site scripting. No details of the vulnerabili...

5.4CVSS4.3AI score0.00403EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.3 views

SUSE CVE-2020-4040

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...

8.6CVSS6.8AI score0.01766EPSS
Exploits3References4
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.6 views

Bolt Financial Bolt CMS 安全漏洞

Bolt Financial Bolt CMS is an open source PHP-based content management system from Bolt Financial. A security vulnerability exists in Bolt Financial Bolt CMS version 5.1.12 that originates from allowing an authenticated user with ROLEEDITOR privileges to upload and rename malicious files, which c...

8.8CVSS8.3AI score0.23362EPSS
Exploits2References3
CNNVD
CNNVD
added 2020/12/30 12:0 a.m.8 views

Bolt CMS Security Vulnerability

Bolt CMS is an open source PHP-based content management system for the Bolt BOLT community. A security vulnerability exists in Bolt versions prior to 3.7.2, which stems from a filter option in the Twig context that restricts requests, and is therefore inconsistent with the "How to Enhance PHP for...

5.3CVSS5.8AI score0.01085EPSS
Exploits0References3
CNVD
CNVD
added 2020/06/09 12:0 a.m.2 views

Bolt CMS Cross-Site Request Forgery Vulnerability (CNVD-2020-35947)

Bolt CMS is a PHP-based open source content management system for the Bolt community. A cross-site request forgery vulnerability exists in Bolt CMS versions prior to 3.7.1. The vulnerability stems from a WEB application that does not adequately validate whether a request is coming from a trusted...

8.6CVSS8.6AI score0.01766EPSS
Exploits3References1
CNVD
CNVD
added 2019/08/27 12:0 a.m.3 views

Bolt CMS Cross-Site Scripting Vulnerability (CNVD-2019-29166)

Bolt CMS is a PHP-based open source content management system for the Bolt community. A cross-site scripting vulnerability exists in the Controller/Async/FilesystemManager.php file in Bolt CMS versions prior to 3.6.10, which can be exploited by an attacker to execute client-side code...

6.1CVSS8.2AI score0.00861EPSS
Exploits0References1
Rows per page
Query Builder