Bolt Cms

bolt_cms

Vendor: Bolt • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-36532 1Bolt 1Bolt Cms Nov 21, 2024 Sep 16, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
CVE-2021-40219 1Bolt 1Bolt Cms Nov 21, 2024 Apr 11, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
CVE-2018-19933 1Bolt 1Bolt Cms Nov 21, 2024 Dec 17, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.