Cross-Site Scripting (XSS)

bolt/bolt is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the title and slug parameters in a POST request to /bolt/editcontent/pages