Page 2 of 7 results (0.007 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 3

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 Bolt CMS versión anterior a 3.7.1, carecía de protección de CSRF en el endpoint de generación de vista previa. Las vistas previas están destinadas a ser generadas por los administradores, desarrolladores, jefes de redacción y editores, que están autorizados para crear contenido en la aplicación. • https://github.com/jpvispo/RCE-Exploit-Bolt-3.7.0-CVE-2020-4040-4041 http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html http://seclists.org/fulldisclosure/2020/Jul/4 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f https://github.com/bolt/bolt/pull/7853 https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040 ** EN DISPUTA ** Bolt versión 3.7.0, si Symfony Web Profiler es usado, permite un ataque de tipo XSS porque una entrada no saneada search?search= se muestra en la página _profiler. • https://github.com/bolt/bolt/issues/7830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •