10 matches found
EUVD-2022-1977
Malicious code in bioql PyPI...
GHSA-2G23-QMMP-FVMR Bolt Cross-site Scripting via the slug, teaser or title parameters
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
CVE-2019-9553
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933...
Sql injection
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933...
CVE-2019-9553
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933...
Bolt CMS < 3.6.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Bolt CMS https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip Affected Version: alert"Raif" Description Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the...
Bolt CMS < 3.6.2 - Cross-Site Scripting
Exploit Title: Bolt CMS https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip Affected Version: alert"Raif" Description Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. PoC Video:...
CVE-2018-19933
Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry...
CVE-2018-19933
Bolt CMS before 3.6.2 is vulnerable to cross-site scripting via the text input click preview button, demonstrated by the Title field of a configured or new entry. Related advisories (GHSA-2G23-QMMP-FVMR, OSV entries) link this XSS to Bolt 3.6.4 and earlier references, including a public exploit/d...