10 matches found
PT-2026-47278
Name of the Vulnerable Software and Affected Versions Bolt CMS versions prior to 3.7.6 Description An issue exists in the HTML Attribute Handler component within the file src/Storage/Field/Type/TextType.php. A remote attacker can perform HTML injection by manipulating the style argument. This...
CVE-2026-39229
Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...
EUVD-2026-33350
Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...
Bolt before 3.6.10 has XSS via an image's alt or title field.
...
Bolt CMS 跨站脚本漏洞
Bolt CMS is Bolt CMS open source PHP-based open source content management system . A cross-site scripting vulnerability exists in Bolt CMS version 3.7.1, which stems from the parameter textarea in the file /bolt/editcontent/showcases that causes cross-site scripting. No details of the vulnerabili...
SUSE CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...
Bolt Financial Bolt CMS 安全漏洞
Bolt Financial Bolt CMS is an open source PHP-based content management system from Bolt Financial. A security vulnerability exists in Bolt Financial Bolt CMS version 5.1.12 that originates from allowing an authenticated user with ROLEEDITOR privileges to upload and rename malicious files, which c...
Bolt CMS Security Vulnerability
Bolt CMS is an open source PHP-based content management system for the Bolt BOLT community. A security vulnerability exists in Bolt versions prior to 3.7.2, which stems from a filter option in the Twig context that restricts requests, and is therefore inconsistent with the "How to Enhance PHP for...
Bolt CMS Cross-Site Request Forgery Vulnerability (CNVD-2020-35947)
Bolt CMS is a PHP-based open source content management system for the Bolt community. A cross-site request forgery vulnerability exists in Bolt CMS versions prior to 3.7.1. The vulnerability stems from a WEB application that does not adequately validate whether a request is coming from a trusted...
Bolt CMS Cross-Site Scripting Vulnerability (CNVD-2019-29166)
Bolt CMS is a PHP-based open source content management system for the Bolt community. A cross-site scripting vulnerability exists in the Controller/Async/FilesystemManager.php file in Bolt CMS versions prior to 3.6.10, which can be exploited by an attacker to execute client-side code...