EPSS
Percentile
23.8%
Bolt CMS is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary javascript by uploading a SVG file with Content-Type: image/svg+xml in it’s header to the application when editing a page.
Content-Type: image/svg+xml
websecnerd.blogspot.sg/2017/07/bolt-cms-3.html