Bolt Security Vulnerabilities and Issues — Bolt CVE List

Lucene search

BoltcmsBolt

6 matches found

CVE•added 2019/08/23 1:15 p.m.•164 views

CVE-2019-15485

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.

6.1CVSS6AI score0.00305EPSS

CVE•added 2015/09/22 3:59 p.m.•155 views

CVE-2015-7309

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.

6.5CVSS7.4AI score0.60269EPSS

CVE•added 2019/08/23 1:15 p.m.•147 views

CVE-2019-15484

Bolt before 3.6.10 has XSS via an image's alt or title field.

6.1CVSS6AI score0.00305EPSS

CVE•added 2019/08/23 1:15 p.m.•140 views

CVE-2019-15483

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.

6.1CVSS5.9AI score0.00223EPSS

CVE•added 2019/12/29 7:15 p.m.•80 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040

6.1CVSS5.8AI score0.00328EPSS

CVE•added 2019/12/31 5:15 p.m.•65 views

CVE-2019-9553

Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.

6.1CVSS5.6AI score0.0305EPSS