bolt/bolt Security Advisories for 2.1.x-dev (9)
-
[MEDIUM] Bolt Cross-site Scripting (XSS) via an image's alt or title field
PKSA-dd4d-zp1r-7fr7 CVE-2019-15484 GHSA-fp8m-xw3f-6h7x
Affected version: <3.6.10
Reported by:
GitHub -
[MEDIUM] Bolt Cross-site Scripting (XSS) via a title that is mishandled in the system log
PKSA-xvnh-qjyz-kbmd CVE-2019-15483 GHSA-ph84-vg7q-fqq8
Affected version: <3.6.10
Reported by:
GitHub -
[MEDIUM] Bolt CMS Stored XSS
PKSA-wqvm-nbyq-xr4c CVE-2017-11127 GHSA-hqxc-w9vw-3hp5
Affected version: <=3.2.14
Reported by:
GitHub -
[HIGH] Bolt Unrestricted Upload of File with Dangerous Type
PKSA-bm6g-tspj-1gvs CVE-2019-9185 GHSA-gmg5-f2gm-p3h7
Affected version: <3.6.5
Reported by:
GitHub -
[MEDIUM] Bolt Improper Access Control
PKSA-r9k9-jjg5-1423 CVE-2017-16754 GHSA-wr23-m9m2-jjf4
Affected version: <3.3.6
Reported by:
GitHub -
[MEDIUM] OS Command injection in Bolt
PKSA-v1tz-xdz7-sr4b CVE-2020-28925 GHSA-w8cj-mvf9-mpc9
Affected version: <3.7.2
Reported by:
GitHub -
[HIGH] CSRF issue on preview pages in Bolt CMS
PKSA-gptm-wvwx-nssm CVE-2020-4040 GHSA-2q66-6cc3-6xm8
Affected version: <3.7.1
Reported by:
GitHub -
[HIGH] The filename of uploaded files vulnerable to stored XSS
PKSA-zsss-7rtd-kmzf CVE-2020-4041 GHSA-68q3-7wjp-7q3j
Affected version: <3.7.1
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Bolt
PKSA-hxcd-7rxr-kwnh CVE-2019-15485 GHSA-cj8p-53v9-2c26
Affected version: <3.6.10
Reported by:
GitHub