Bolt Security Vulnerabilities and Issues — Bolt CVE List

Lucene search

BoltcmsBolt

3 matches found

CVE•added 2017/11/10 2:29 a.m.•156 views

CVE-2017-16754

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

5.3CVSS5.1AI score0.0038EPSS

CVE•added 2017/07/17 7:29 p.m.•40 views

CVE-2017-11128

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2017/07/17 7:29 p.m.•39 views

CVE-2017-11127

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.

5.4CVSS5.1AI score0.00206EPSS