Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
Max CVSS: 8.8
EPSS Score: 0.30%
Published: 2022-09-16
Updated: 2022-09-19
Bolt CMS <= 4.2 is vulnerable to remote code execution. Unsafe theme rendering allows an authenticated attacker to edit a theme and perform server-side template injection that leads to remote code execution.
Max CVSS: 8.8
EPSS Score: 4.09%
Published: 2022-04-11
Updated: 2022-04-15
Bolt CMS <3.6.2 allows XSS via a text input when the preview button is clicked, as demonstrated by the Title field of a Configured and New Entry.
Max CVSS: 6.1
EPSS Score: 0.69%
Published: 2018-12-17
Updated: 2019-01-07
Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.
Max CVSS: 5.4
EPSS Score: 0.06%
Published: 2017-07-17
Updated: 2017-07-19
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
Max CVSS: 5.4
EPSS Score: 0.06%
Published: 2017-07-17
Updated: 2017-07-19
5 vulnerabilities found