3 matches found
CVE-2026-56385
Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...
SUSE CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...
PT-2020-17847 · Bolt · Bolt Cms
Name of the Vulnerable Software and Affected Versions: Bolt CMS versions prior to 3.7.1 Description: The issue is related to the lack of proper CSRF protection in the preview generating endpoint. This endpoint is intended for use by authorized users such as admins, developers, chief-editors, and...