Bolt Cms@* Security Vulnerabilities and Issues — Bolt Cms@* CVE List

Lucene search

BoltBolt Cms*

5 matches found

CVE•added 2020/06/08 10:15 p.m.•166 views

CVE-2020-4040

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized user...

8.6CVSS4.8AI score0.00391EPSS

CVE•added 2020/06/08 10:15 p.m.•165 views

CVE-2020-4041

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to pre...

7.4CVSS6.1AI score0.00717EPSS

CVE•added 2022/04/11 5:15 p.m.•103 views

CVE-2021-40219

Bolt CMS

8.8CVSS9.1AI score0.05034EPSS

CVE•added 2018/12/17 7:29 p.m.•57 views

CVE-2018-19933

Bolt CMS

6.1CVSS5.8AI score0.0305EPSS

CVE•added 2022/09/16 3:15 a.m.•39 views

CVE-2022-36532

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

8.8CVSS8.9AI score0.76661EPSS