Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
boltcms bolt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31321
The foldername parameter in Bolt 5.1.7 exists to have incorrect input validation, allowing malicious users to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.
Boltcms Bolt
5
CVSSv2
CVE-2021-27367
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt prior to 4.1.13 allow Directory Traversal.
Boltcms Bolt
5
CVSSv2
CVE-2020-28925
Bolt prior to 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.
Boltcms Bolt
4.3
CVSSv2
CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection...
Boltcms Bolt
4.3
CVSSv2
CVE-2020-4041
In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, ...
Boltcms Bolt
4.3
CVSSv2
CVE-2019-9553
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
Boltcms Bolt 3.6.4
1 EDB exploit
4.3
CVSSv2
CVE-2019-20058
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040
Boltcms Bolt 3.7.0
4.3
CVSSv2
CVE-2019-15483
Bolt prior to 3.6.10 has XSS via a title that is mishandled in the system log.
Boltcms Bolt
4.3
CVSSv2
CVE-2019-15484
Bolt prior to 3.6.10 has XSS via an image's alt or title field.
Boltcms Bolt
4.3
CVSSv2
CVE-2019-15485
Bolt prior to 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
Boltcms Bolt
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »