Known Vulnerabilities for products from Boltcms
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Boltcms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-31321 json | The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform direc... | Not Provided | 2022-08-01 | 2026-07-09 |
| CVE-2021-27367 json | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Direct... | 7.5 - HIGH | 2021-02-17 | 2021-02-23 |
| CVE-2020-28925 json | Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "... | 5.3 - MEDIUM | 2020-12-30 | 2021-01-04 |
| CVE-2020-4041 json | In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject j... | 6.1 - MEDIUM | 2020-06-08 | 2022-10-07 |
| CVE-2020-4040 json | Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generate... | 4.3 - MEDIUM | 2020-06-08 | 2022-10-07 |
| CVE-2019-20058 json | ** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on t... | 6.1 - MEDIUM | 2019-12-29 | 2023-11-07 |
| CVE-2019-15485 json | Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | 6.1 - MEDIUM | 2019-08-23 | 2021-01-04 |
| CVE-2019-15484 json | Bolt before 3.6.10 has XSS via an image's alt or title field. | 6.1 - MEDIUM | 2019-08-23 | 2021-01-04 |
| CVE-2019-15483 json | Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | 6.1 - MEDIUM | 2019-08-23 | 2021-01-04 |
| CVE-2019-10874 json | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute... | 8.8 - HIGH | 2019-04-05 | 2021-01-04 |
| CVE-2019-9553 json | Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2... | 6.1 - MEDIUM | 2019-12-31 | 2021-01-04 |
| CVE-2019-9185 json | Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary P... | 8.8 - HIGH | 2019-03-07 | 2021-01-04 |
| CVE-2017-16754 json | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Pr... | Not Provided | 2017-11-10 | 2025-04-20 |
| CVE-2017-11128 json | Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | Not Provided | 2017-07-17 | 2025-04-20 |
| CVE-2017-11127 json | Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | Not Provided | 2017-07-17 | 2025-04-20 |
| CVE-2015-7309 json | The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticate... | Not Provided | 2015-09-22 | 2026-05-06 |
Known software with vulnerabilities from Boltcms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Boltcms | Bolt | 0.8.4 |