- Vendor: Boltcms
- Products: 1
- CVEs: 3
- Across products: 3
- Status: Private
Products
1- 3 CVEs
Recent CVEs: 3

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11128 | Med | 0.35 | 5.4 | 0.00 | | Jul 17, 2017 | Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. |
| CVE-2017-11127 | Med | 0.35 | 5.4 | 0.00 | | Jul 17, 2017 | Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. |
| CVE-2017-16754 | Med | 0.27 | 5.3 | 0.00 | | Nov 10, 2017 | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. |