Filtered by vendor Boltcms
Subscribe
Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15483 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | |||||
| CVE-2019-15484 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bolt before 3.6.10 has XSS via an image's alt or title field. | |||||
| CVE-2019-15485 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | |||||
| CVE-2017-16754 | 1 Boltcms | 1 Bolt | 2021-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | |||||
| CVE-2020-28925 | 1 Boltcms | 1 Bolt | 2021-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. | |||||
| CVE-2020-4041 | 1 Boltcms | 1 Bolt | 2020-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. | |||||
| CVE-2020-4040 | 1 Boltcms | 1 Bolt | 2020-07-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 | |||||
| CVE-2019-20058 | 1 Boltcms | 1 Bolt | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040. | |||||
| CVE-2019-9553 | 1 Boltcms | 1 Bolt | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | |||||