bolt/bolt is vulnerable to cross-site scripting (XSS). The vulnerability exists as the values of parentPath
and folderName
in FilesystemManager.php
is not sanitized, allowing a remote attacker to inject arbitrary Javascript into a victim’s browser through the affected parameters.