CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 3CVE-2020-4040 – CSRF issue on preview pages in Bolt CMS
https://notcve.org/view.php?id=CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 Bolt CMS versión anterior a 3.7.1, carecía de protección de CSRF en el endpoint de generación de vista previa. Las vistas previas están destinadas a ser generadas por los administradores, desarrolladores, jefes de redacción y editores, que están autorizados para crear contenido en la aplicación. • https://github.com/jpvispo/RCE-Exploit-Bolt-3.7.0-CVE-2020-4040-4041 http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html http://seclists.org/fulldisclosure/2020/Jul/4 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f https://github.com/bolt/bolt/pull/7853 https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15485
https://notcve.org/view.php?id=CVE-2019-15485
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. Bolt anterior de la versión 3.6.10 tiene XSS a través de createFolder o createFile en Controller / Async / FilesystemManager.php. • https://github.com/bolt/bolt/pull/7800 https://github.com/bolt/bolt/releases/tag/v3.6.10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15484
https://notcve.org/view.php?id=CVE-2019-15484
Bolt before 3.6.10 has XSS via an image's alt or title field. Bolt versiones anteriores a 3.6.10 tiene XSS a través del campo alt o título de una imagen. • https://github.com/bolt/bolt/pull/7801 https://github.com/bolt/bolt/releases/tag/v3.6.10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15483
https://notcve.org/view.php?id=CVE-2019-15483
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Bolt anterior de la versión 3.6.10 tiene XSS a través de un título que se maneja mal en el registro del sistema. • https://github.com/bolt/bolt/pull/7802 https://github.com/bolt/bolt/releases/tag/v3.6.10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 3CVE-2019-10874 – Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-10874
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funcionalidad de subida de archivos "bolt/upload" en Bolt CMS, en su versión 3.6.6, permite a los atacantes remotos ejecutar código arbitrario subiendo un archivo JavaScript para incluir extensiones ejecutables en el archivo de configuración en file/edit/config/config.yml. Bolt CMS version 3.6.6 suffers from cross site request forgery and code execution vulnerabilities. • https://www.exploit-db.com/exploits/46664 http://packetstormsecurity.com/files/152429/Bolt-CMS-3.6.6-Cross-Site-Request-Forgery-Code-Execution.html https://fgsec.net/from-csrf-to-rce-bolt-cms https://github.com/bolt/bolt/pull/7768/commits/91187aef36363a870d60b0a3c1bf8507af34c9e4 • CWE-352: Cross-Site Request Forgery (CSRF) •