CVE-2017-11127
Bolt CMS 3.2.14 is affected by a stored XSS via uploading an SVG document with Content-Type: image/svg+xml. The vulnerability stems from how Bolt handles SVG uploads, enabling arbitrary script execution in stored context. Affected component is Bolt CMS’s upload/SVG handling for page content. Impa...