CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 3CVE-2020-4040 – CSRF issue on preview pages in Bolt CMS
https://notcve.org/view.php?id=CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 Bolt CMS versión anterior a 3.7.1, carecía de protección de CSRF en el endpoint de generación de vista previa. Las vistas previas están destinadas a ser generadas por los administradores, desarrolladores, jefes de redacción y editores, que están autorizados para crear contenido en la aplicación. • https://github.com/jpvispo/RCE-Exploit-Bolt-3.7.0-CVE-2020-4040-4041 http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html http://seclists.org/fulldisclosure/2020/Jul/4 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f https://github.com/bolt/bolt/pull/7853 https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20058
https://notcve.org/view.php?id=CVE-2019-20058
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040 ** EN DISPUTA ** Bolt versión 3.7.0, si Symfony Web Profiler es usado, permite un ataque de tipo XSS porque una entrada no saneada search?search= se muestra en la página _profiler. • https://github.com/bolt/bolt/issues/7830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15485
https://notcve.org/view.php?id=CVE-2019-15485
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. Bolt anterior de la versión 3.6.10 tiene XSS a través de createFolder o createFile en Controller / Async / FilesystemManager.php. • https://github.com/bolt/bolt/pull/7800 https://github.com/bolt/bolt/releases/tag/v3.6.10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15484
https://notcve.org/view.php?id=CVE-2019-15484
Bolt before 3.6.10 has XSS via an image's alt or title field. Bolt versiones anteriores a 3.6.10 tiene XSS a través del campo alt o título de una imagen. • https://github.com/bolt/bolt/pull/7801 https://github.com/bolt/bolt/releases/tag/v3.6.10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15483
https://notcve.org/view.php?id=CVE-2019-15483
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Bolt anterior de la versión 3.6.10 tiene XSS a través de un título que se maneja mal en el registro del sistema. • https://github.com/bolt/bolt/pull/7802 https://github.com/bolt/bolt/releases/tag/v3.6.10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •