CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31321
https://notcve.org/view.php?id=CVE-2022-31321
01 Aug 2022 — The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. Se ha detectado que el parámetro foldername en Bolt versión 5.1.7, presenta una comprobación de entrada incorrecta, permitiendo a atacantes llevar a cabo una enumeración de directorios o causar una Denegación de Servicio (DoS) por medio de una entrada diseñada • http://bolt.com • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27367
https://notcve.org/view.php?id=CVE-2021-27367
17 Feb 2021 — Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. Los archivos Controller/Backend/FileEditController.php y Controller/Backend/FilemanagerController.php en Bolt versiones anteriores a 4.1.13, permiten un Salto de Directorio • https://github.com/bolt/core/pull/2371 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28925
https://notcve.org/view.php?id=CVE-2020-28925
30 Dec 2020 — Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. Bolt versiones anteriores a 3.7.2, no restringe las opciones de filtro en una petición en el contexto de Twig y, por lo tanto, es inconsistente con la guía "How to Harden Your PHP for Better Security". • https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 3CVE-2020-4041 – The filename of uploaded files vulnerable to stored XSS in Bolt CMS
https://notcve.org/view.php?id=CVE-2020-4041
08 Jun 2020 — In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. • https://packetstorm.news/files/id/158299 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 4CVE-2020-4040 – CSRF issue on preview pages in Bolt CMS
https://notcve.org/view.php?id=CVE-2020-4040
08 Jun 2020 — Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 Bolt CMS versión anterior a 3.7.1, carecía de protección de CSRF en el endpoint de generación de vista previa. Las vistas previas están destinadas a se... • https://packetstorm.news/files/id/158299 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20058
https://notcve.org/view.php?id=CVE-2019-20058
29 Dec 2019 — Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040 ** EN DISPUTA ** Bolt versión 3.7.0, si Symfony Web Profiler es usado, permite un ataque de tipo XSS porque una entrada no saneada search?search= se muestra en la página _profiler. • https://github.com/bolt/bolt/issues/7830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15485
https://notcve.org/view.php?id=CVE-2019-15485
23 Aug 2019 — Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. Bolt anterior de la versión 3.6.10 tiene XSS a través de createFolder o createFile en Controller / Async / FilesystemManager.php. • https://github.com/bolt/bolt/pull/7800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15484
https://notcve.org/view.php?id=CVE-2019-15484
23 Aug 2019 — Bolt before 3.6.10 has XSS via an image's alt or title field. Bolt versiones anteriores a 3.6.10 tiene XSS a través del campo alt o título de una imagen. • https://github.com/bolt/bolt/pull/7801 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15483
https://notcve.org/view.php?id=CVE-2019-15483
23 Aug 2019 — Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Bolt anterior de la versión 3.6.10 tiene XSS a través de un título que se maneja mal en el registro del sistema. • https://github.com/bolt/bolt/pull/7802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 19%CPEs: 1EXPL: 4CVE-2019-10874 – Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-10874
05 Apr 2019 — Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funcionalidad de subida de archivos "bolt/upload" en Bolt CMS, en su versión 3.6.6, permite a los atacantes remotos ejecutar código arbitrario subiendo un archivo JavaScript para incluir ext... • https://packetstorm.news/files/id/152429 • CWE-352: Cross-Site Request Forgery (CSRF) •