Boltcms Bolt

6 matches found

CVE
added 2020/12/30 7:15 p.m., 185 views

CVE-2020-28925

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

CVSS 5.3, AI score 5.5, EPSS 0.00344

CVE
added 2017/11/10 2:29 a.m., 156 views

CVE-2017-16754

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

CVSS 5.3, AI score 5.1, EPSS 0.0038

CVE
added 2024/07/31 7:15 a.m., 47 views

CVE-2024-7300

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross site scripting. It is possible to launch the...

CVSS 5.4, AI score 3.7, EPSS 0.00082

CVE
added 2024/07/31 7:15 a.m., 42 views

CVE-2024-7299

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack...

CVSS 5.4, AI score 3.8, EPSS 0.00076

CVE
added 2017/07/17 7:29 p.m., 40 views

CVE-2017-11128

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.

CVSS 5.4, AI score 5.2, EPSS 0.00206

CVE
added 2017/07/17 7:29 p.m., 39 views

CVE-2017-11127

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.

CVSS 5.4, AI score 5.1, EPSS 0.00206