Lucene search
K

5 matches found

CBLMariner
CBLMariner
added 2025/01/12 9:15 a.m.168 views

CVE-2020-4041 affecting package bolt 0.9.2-2

CVE-2020-4041 affecting package bolt 0.9.2-2. This CVE either no longer is or was never applicable...

7.4CVSS7.5AI score0.02026EPSS
Exploits3
Rosalinux
Rosalinux
added 2021/07/02 4:34 p.m.94 views

Advisory ROSA-SA-2021-1809

Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...

8.8CVSS6.8AI score0.38611EPSS
Exploits12
NVD
NVD
added 2020/06/08 10:15 p.m.24 views

CVE-2020-4041

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to...

7.4CVSS7.3AI score0.02026EPSS
Exploits3References5
OSV
OSV
added 2020/06/08 10:15 p.m.24 views

CVE-2020-4041

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to...

6.1CVSS6.1AI score
Exploits0References5
CVE
CVE
added 2020/06/08 10:5 p.m.182 views

CVE-2020-4041

CVE-2020-4041 (Bolt CMS) affects Bolt CMS versions before 3.7.1. The vulnerability concerns the filename of uploaded files, which is stored in a way that allows stored XSS after the file is created/uploaded. Although initial file names cannot inject JavaScript, renaming the file post-upload can i...

7.4CVSS6.1AI score0.02026EPSS
Exploits3References5Affected Software1
Rows per page
Query Builder