pkg:Packagist/bolt/bolt

All known vulnerabilities

• HIGH8.8CVE-2019-9185Bolt Unrestricted Upload of File with Dangerous Type
  from 0, < 3.6.5
• HIGH8.8CVE-2019-10874Bolt Cross Site Request Forgery (CSRF)
  >= 3.6.6, < 3.6.7
• HIGH8.6CVE-2020-4040CSRF issue on preview pages in Bolt CMS
  from 0, < 3.7.1
• HIGH7.4CVE-2020-4041The filename of uploaded files vulnerable to stored XSS
  from 0, < 3.7.1
• MEDIUM6.1CVE-2019-15484Bolt Cross-site Scripting (XSS) via an image's alt or title field
  from 0, < 3.6.10
• MEDIUM6.1CVE-2019-9553Bolt Cross-site Scripting via the slug, teaser or title parameters
• MEDIUM6.1CVE-2019-15483Bolt Cross-site Scripting (XSS) via a title that is mishandled in the system log
  from 0, < 3.6.10
• MEDIUM6.1CVE-2018-19933Bolt Cross-site Scripting (XSS) via text input click preview button
  from 0, < 3.6.2
• MEDIUM6.1CVE-2019-15485Cross-site Scripting in Bolt
  from 0, < 3.6.10
• MEDIUM5.4CVE-2017-11127Bolt CMS Stored XSS
  from 0, <= 3.2.14
• MEDIUM5.4CVE-2017-11128Bolt stored Cross-site Scripting (XSS)
• MEDIUM5.3CVE-2017-16754Bolt Improper Access Control
  from 0, < 3.3.6
• MEDIUM5.3CVE-2020-28925OS Command injection in Bolt
  from 0, < 3.7.2
• LOW3.5CVE-2024-7300Bolt CMS Cross-site Scripting vulnerability
  from 0, <= 3.7.1
• —CVE-2025-34086Bolt CMS vulnerable to authenticated remote code execution
  from 0, <= 3.7.0