pkg:Packagist/bolt/bolt

All known vulnerabilities

• HIGH8.8CVE-2019-9185Bolt Unrestricted Upload of File with Dangerous Type
  from 0, < 3.6.5
• HIGH8.8CVE-2019-10874Bolt Cross Site Request Forgery (CSRF)
  >= 3.6.6, < 3.6.7
• HIGH8.6CVE-2020-4040CSRF issue on preview pages in Bolt CMS
  from 0, < 3.7.1
• HIGH7.4The filename of uploaded files vulnerable to stored XSS
  from 0, < 3.7.1
• MEDIUM6.1Bolt Cross-site Scripting (XSS) via an image's alt or title field
  from 0, < 3.6.10
• MEDIUM6.1Bolt Cross-site Scripting via the slug, teaser or title parameters
• MEDIUM6.1Bolt Cross-site Scripting (XSS) via a title that is mishandled in the system log
  from 0, < 3.6.10
• MEDIUM6.1Bolt Cross-site Scripting (XSS) via text input click preview button
  from 0, < 3.6.2
• MEDIUM6.1Cross-site Scripting in Bolt
  from 0, < 3.6.10
• MEDIUM5.4Bolt CMS Stored XSS
  from 0, <= 3.2.14
• MEDIUM5.4Bolt stored Cross-site Scripting (XSS)
• MEDIUM5.3Bolt Improper Access Control
  from 0, < 3.3.6
• MEDIUM5.3OS Command injection in Bolt
  from 0, < 3.7.2
• LOW3.5Bolt CMS Cross-site Scripting vulnerability
  from 0, <= 3.7.1
• —Bolt CMS vulnerable to authenticated remote code execution
  from 0, <= 3.7.0