10 matches found
EUVD-2019-0744
Malware in sbrugna...
CVE-2019-15485
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...
Cross-site Scripting in Bolt
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...
GHSA-CJ8P-53V9-2C26 Cross-site Scripting in Bolt
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...
Cross-site Scripting (XSS)
bolt/bolt is vulnerable to cross-site scripting (XSS). The vulnerability exists because the values of parentPath and folderName in FilesystemManager.php are not sanitized, allowing a remote attacker to inject arbitrary JavaScript into a victim's browser through the affected parameters...
CVE-2019-15485
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...
Design/Logic Flaw
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...
CVE-2019-15485
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...
CVE-2019-15485
CVE-2019-15485: Bolt before 3.6.10 is vulnerable to cross-site scripting via createFolder or createFile in Controller/Async/FilesystemManager.php. The issue affects Bolt CMS versions prior to 3.6.10 and is exploitable through crafted input in file/folder creation paths, as documented in multiple ...
Code injection
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...