19 matches found
CVE-2020-28925
Bolt CMS prior to 3.7.2 does not restrict filter options in a Request when rendered in Twig context, per CVE-2020-28925. Root cause: unrestricted filter parameters in Twig requests. Impact stated in sources is primarily that this is inconsistent with securing PHP guidance; no exploitation details...
CVE-2021-27367
Bolt CMS prior to version 4.1.13 contains a directory traversal vulnerability in Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php (CVE-2021-27367). The issue allows an attacker to traverse directories, potentially exposing sensitive files. The connected R...
CVE-2019-15485
CVE-2019-15485: Bolt before 3.6.10 is vulnerable to cross-site scripting via createFolder or createFile in Controller/Async/FilesystemManager.php. The issue affects Bolt CMS versions prior to 3.6.10 and is exploitable through crafted input in file/folder creation paths, as documented in multiple ...
CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Unauthorized users could generate previews intended for admins, editors, or similar roles. This was fixed in Bolt 3.7.1; affected versions are prior to that release.
CVE-2020-4041
CVE-2020-4041 (Bolt CMS) affects Bolt CMS versions before 3.7.1. The vulnerability concerns the filename of uploaded files, which is stored in a way that allows stored XSS after the file is created/uploaded. Although initial file names cannot inject JavaScript, renaming the file post-upload can i...
CVE-2022-31321
The CVE-2022-31321 entry concerns Bolt CMS, affecting version 5.1.7, where the foldername parameter suffers improper input validation. The concrete impact described in the connected documents is directory enumeration and potential Denial of Service (DoS) caused by crafted input. The NVD entry lis...
CVE-2015-7309
CVE-2015-7309 impacts Bolt CMS: the theme editor (pre-2.2.5) does not validate file extensions when renaming files, enabling remote authenticated users to execute arbitrary PHP code by renaming a crafted file and then directly accessing it. The vulnerability stems from the lack of extension check...
CVE-2017-16754
Bolt CMS before version 3.3.6 does not properly restrict access to the _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. The issue is described as an improper access control vulnerability in Bolt prior to 3.3.6. The available connected ...
CVE-2019-15484
CVE-2019-15484 affects Bolt before 3.6.10 with an XSS via an image’s alt or title field. The root cause is tied to unsanitized image metadata in Bolt’s handling/rendering path. The connected documents note a fix in Bolt 3.6.10 (release/tag 3.6.10). Exploitation details are not provided in the sup...
CVE-2019-9185
Bolt CMS prior to 3.6.5 is affected by a vulnerability in the filemanager’s Controller/Async/FilesystemManager.php that allows remote code execution by renaming a previously uploaded file to have a .php extension. Public references indicate the fix was released in Bolt 3.6.5 (see Bolt v3.6.5 rele...
CVE-2019-15483
CVE-2019-15483 affects Bolt CMS (Bolt) prior to version 3.6.10. The vulnerability is a cross-site scripting (XSS) flaw caused by mishandling a title in the system log, enabling an attacker to inject and execute client-side code under certain log-processing conditions. The issue is addressed in Bo...
CVE-2019-20058
CVE-2019-20058 affects Bolt 3.7.0 when the Symfony Web Profiler is enabled. The issue is an XSS vulnerability caused by unsanitized input (search?search=) being reflected on the profiler page; the vulnerability is disputed since the profiler is not intended for production use. Related to CVE-2018...
CVE-2019-9553
Bolt CMS 3.6.4 is vulnerable to a cross-site scripting (XSS) flaw in the editcontent/pages endpoint triggered by the slug, teaser, or title parameters. The issue is related to CVE-2017-11128 and CVE-2018-19933. According to the provided description, the vulnerability allows XSS via user-supplied ...
CVE-2019-10874
Bolt CMS 3.6.6 is affected by a CSRF in the bolt/upload file upload feature. An attacker can upload a JavaScript file to trigger code execution by manipulating the file/edit/config/config.yml configuration, enabling arbitrary code execution on the server. The vulnerability is described across mul...
CVE-2024-7300
Bolt CMS 3.7.1 is affected by a Cross‑Site Scripting (XSS) vulnerability in the Showcase Creation Handler. The issue resides in an unknown function of the file /bolt/editcontent/showcases, where manipulation of the title/textarea argument enables remote execution of scripts. The vulnerability can...
CVE-2017-11128
CVE-2017-11128 affects Bolt CMS (notably version 3.2.14) and is caused by stored XSS via the Title field when creating a new entry. The vulnerability arises from unsanitized text input in a content title, enabling script execution in contexts where the title is displayed. Public references in the...
CVE-2024-7299
Bolt CMS 3.7.1 is affected by a cross-site scripting vulnerability in the Entry Preview Handler, specifically when processing the /preview/page endpoint. The root cause is manipulation of the body parameter in that component, which can be exploited remotely. The issue is associated with end-of-li...
CVE-2017-11127
Bolt CMS 3.2.14 is affected by a stored XSS via uploading an SVG document with Content-Type: image/svg+xml. The vulnerability stems from how Bolt handles SVG uploads, enabling arbitrary script execution in stored context. Affected component is Bolt CMS’s upload/SVG handling for page content. Impa...
CVE-2025-34086
Bolt CMS versions 3.7.0 and earlier are affected by an authenticated remote code execution chain. An authenticated user can inject PHP code into the displayname field, which is rendered unsanitized in backend templates. The attacker can enumerate and rename cached session files via /async/browse/...