Controller/Async/FilesystemManager.php in the filemanager in Bolt allows remote attacke

...

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php

...

Bolt CMS Cross-Site Scripting Vulnerability (CNVD-2019-29166)

Bolt CMS is a PHP-based open source content management system for the Bolt community. A cross-site scripting vulnerability exists in the Controller/Async/FilesystemManager.php file in Bolt CMS versions prior to 3.6.10, which can be exploited by an attacker to execute client-side code...

CVE-2019-15485

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...