35 Total Results
Displaying 21-30 of 35
Attacker Value: Unknown
CVE-2019-9553
Disclosure Date: December 31, 2019 (last updated November 27, 2024)
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
Attacker Value: Unknown
CVE-2019-15485
Disclosure Date: August 23, 2019 (last updated November 27, 2024)
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
Attacker Value: Unknown
CVE-2019-15483
Disclosure Date: August 23, 2019 (last updated November 27, 2024)
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.
Attacker Value: Unknown
CVE-2019-15484
Disclosure Date: August 23, 2019 (last updated November 27, 2024)
Bolt before 3.6.10 has XSS via an image's alt or title field.
Attacker Value: Unknown
CVE-2019-20058
Disclosure Date: June 19, 2019 (last updated November 08, 2023)
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040.
Attacker Value: Unknown
CVE-2019-10874
Disclosure Date: April 05, 2019 (last updated November 27, 2024)
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
Attacker Value: Unknown
CVE-2019-9185
Disclosure Date: March 07, 2019 (last updated November 27, 2024)
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
Attacker Value: Unknown
CVE-2018-19933
Disclosure Date: December 17, 2018 (last updated November 27, 2024)
Bolt CMS <3.6.2 allows XSS via text input when the preview button is clicked, as demonstrated by the Title field of a Configured and New Entry.
Attacker Value: Unknown
CVE-2017-1000442
Disclosure Date: January 02, 2018 (last updated November 26, 2024)
Passbolt API versions 1.6.4 and older are vulnerable to XSS in the URL field on the password workspace.
Attacker Value: Unknown
CVE-2017-16754
Disclosure Date: November 10, 2017 (last updated November 26, 2024)
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.