Boltcms Bolt 3.6.6: known vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-01 | CVE-2022-31321 | Improper Input Validation vulnerability in Boltcms Bolt: The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. | 9.1 |
| 2021-02-17 | CVE-2021-27367 | Path Traversal vulnerability in Boltcms Bolt: Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. | 7.5 |
| 2020-12-30 | CVE-2020-28925 | Unspecified vulnerability in Boltcms Bolt: Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. | 5.3 |
| 2020-06-08 | CVE-2020-4041 | Cross-site Scripting vulnerability in Boltcms Bolt: In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. | 6.1 |
| 2020-06-08 | CVE-2020-4040 | Unspecified vulnerability in Boltcms Bolt: Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. | 4.3 |
| 2019-08-23 | CVE-2019-15485 | Cross-site Scripting vulnerability in Boltcms Bolt: Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | 6.1 |
| 2019-08-23 | CVE-2019-15484 | Cross-site Scripting vulnerability in Boltcms Bolt: Bolt before 3.6.10 has XSS via an image's alt or title field. | 6.1 |
| 2019-08-23 | CVE-2019-15483 | Cross-site Scripting vulnerability in Boltcms Bolt: Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | 6.1 |
| 2019-04-05 | CVE-2019-10874 | Cross-Site Request Forgery (CSRF) vulnerability in Boltcms Bolt 3.6.6: Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | 8.8 |