Show filters
35 Total Results
Displaying 31-35 of 35
Sort by:
Attacker Value
Unknown

CVE-2017-11128

Disclosure Date: July 17, 2017 (last updated February 15, 2025)
Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.
0
0
Attacker Value
Unknown

CVE-2017-11127

Disclosure Date: July 17, 2017 (last updated February 15, 2025)
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
0
0
Attacker Value
Unknown

CVE-2015-7309

Disclosure Date: September 22, 2015 (last updated October 05, 2023)
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
0
0
Attacker Value
Unknown

CVE-2013-2651

Disclosure Date: October 23, 2013 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.
0
0
Attacker Value
Unknown

CVE-2004-1272

Disclosure Date: January 10, 2005 (last updated February 22, 2025)
Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.
0
0
View More Topics  < Previous