bolt vulnerabilities and exploits
CVE-2020-4040 (VMScore 384)
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection...
Affected product: Boltcms Bolt

CVE-2020-4041 (VMScore 383)
In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, ...
Affected product: Boltcms Bolt

CVE-2019-9553 (VMScore 435)
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
Affected product: Boltcms Bolt 3.6.4
Exploits: 1 EDB exploit

CVE-2019-20058 (VMScore 383)
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040.
Affected product: Boltcms Bolt 3.7.0

CVE-2019-17591 (VMScore NA)
Bolt CMS version 3.6.10 suffers from a cross site request forgery vulnerability.

CVE-2019-15484 (VMScore 383)
Bolt prior to 3.6.10 has XSS via an image's alt or title field.
Affected product: Boltcms Bolt

CVE-2019-15483 (VMScore 383)
Bolt prior to 3.6.10 has XSS via a title that is mishandled in the system log.
Affected product: Boltcms Bolt

CVE-2019-15485 (VMScore 383)
Bolt prior to 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
Affected product: Boltcms Bolt

CVE-2019-10874 (VMScore 685)
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote malicious users to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
Affected product: Boltcms Bolt 3.6.6
Exploits: 1 EDB exploit

CVE-2019-9185 (VMScore 578)
Controller/Async/FilesystemManager.php in the filemanager in Bolt prior to 3.6.5 allows remote malicious users to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
Affected product: Boltcms Bolt