Search
Find a vulnerability
Search criteria
6 vulnerabilities found for bolt_cms by bolt
CVE-2022-36532 (GCVE-0-2022-36532)
Vulnerability from nvd – Published: 2022-09-16 02:26 – Updated: 2024-08-03 10:07
VLAI
Summary
Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://bolt.com | x_refsource_MISC |
| https://lutrasecurity.com/en/articles/cve-2022-36532/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bolt.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lutrasecurity.com/en/articles/cve-2022-36532/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T02:26:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bolt.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lutrasecurity.com/en/articles/cve-2022-36532/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bolt.com",
"refsource": "MISC",
"url": "http://bolt.com"
},
{
"name": "https://lutrasecurity.com/en/articles/cve-2022-36532/",
"refsource": "MISC",
"url": "https://lutrasecurity.com/en/articles/cve-2022-36532/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36532",
"datePublished": "2022-09-16T02:26:31.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40219 (GCVE-0-2021-40219)
Vulnerability from nvd – Published: 2022-04-11 16:45 – Updated: 2024-08-04 02:27
VLAI
Summary
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://boltcms.com | x_refsource_MISC |
| https://github.com/bolt/core | x_refsource_MISC |
| https://github.com/bolt/core/blob/3b21a73ebf519b7… | x_refsource_MISC |
| https://github.com/iiSiLvEr/CVEs/tree/main/CVE-20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://boltcms.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bolt/core"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bolt CMS \u003c= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T16:45:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://boltcms.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bolt/core"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bolt CMS \u003c= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://boltcms.com",
"refsource": "MISC",
"url": "http://boltcms.com"
},
{
"name": "https://github.com/bolt/core",
"refsource": "MISC",
"url": "https://github.com/bolt/core"
},
{
"name": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php",
"refsource": "MISC",
"url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php"
},
{
"name": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219",
"refsource": "MISC",
"url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40219",
"datePublished": "2022-04-11T16:45:54.000Z",
"dateReserved": "2021-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19933 (GCVE-0-2018-19933)
Vulnerability from nvd – Published: 2018-12-17 18:00 – Updated: 2024-08-05 11:51
VLAI
Summary
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46014/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/rdincel1/Bolt-CMS-3.6.2---Cros… | x_refsource_MISC |
| https://www.raifberkaydincel.com/bolt-cms-xss-vul… | x_refsource_MISC |
Date Public
2018-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46014",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46014/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bolt CMS \u003c3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46014",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46014/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bolt CMS \u003c3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46014/"
},
{
"name": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting",
"refsource": "MISC",
"url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"
},
{
"name": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html",
"refsource": "MISC",
"url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19933",
"datePublished": "2018-12-17T18:00:00.000Z",
"dateReserved": "2018-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:51:17.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36532 (GCVE-0-2022-36532)
Vulnerability from cvelistv5 – Published: 2022-09-16 02:26 – Updated: 2024-08-03 10:07
VLAI
Summary
Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://bolt.com | x_refsource_MISC |
| https://lutrasecurity.com/en/articles/cve-2022-36532/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bolt.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lutrasecurity.com/en/articles/cve-2022-36532/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T02:26:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bolt.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lutrasecurity.com/en/articles/cve-2022-36532/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bolt.com",
"refsource": "MISC",
"url": "http://bolt.com"
},
{
"name": "https://lutrasecurity.com/en/articles/cve-2022-36532/",
"refsource": "MISC",
"url": "https://lutrasecurity.com/en/articles/cve-2022-36532/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36532",
"datePublished": "2022-09-16T02:26:31.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40219 (GCVE-0-2021-40219)
Vulnerability from cvelistv5 – Published: 2022-04-11 16:45 – Updated: 2024-08-04 02:27
VLAI
Summary
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://boltcms.com | x_refsource_MISC |
| https://github.com/bolt/core | x_refsource_MISC |
| https://github.com/bolt/core/blob/3b21a73ebf519b7… | x_refsource_MISC |
| https://github.com/iiSiLvEr/CVEs/tree/main/CVE-20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://boltcms.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bolt/core"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bolt CMS \u003c= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T16:45:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://boltcms.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bolt/core"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bolt CMS \u003c= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://boltcms.com",
"refsource": "MISC",
"url": "http://boltcms.com"
},
{
"name": "https://github.com/bolt/core",
"refsource": "MISC",
"url": "https://github.com/bolt/core"
},
{
"name": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php",
"refsource": "MISC",
"url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php"
},
{
"name": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219",
"refsource": "MISC",
"url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40219",
"datePublished": "2022-04-11T16:45:54.000Z",
"dateReserved": "2021-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19933 (GCVE-0-2018-19933)
Vulnerability from cvelistv5 – Published: 2018-12-17 18:00 – Updated: 2024-08-05 11:51
VLAI
Summary
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46014/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/rdincel1/Bolt-CMS-3.6.2---Cros… | x_refsource_MISC |
| https://www.raifberkaydincel.com/bolt-cms-xss-vul… | x_refsource_MISC |
Date Public
2018-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46014",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46014/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bolt CMS \u003c3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46014",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46014/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bolt CMS \u003c3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46014/"
},
{
"name": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting",
"refsource": "MISC",
"url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"
},
{
"name": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html",
"refsource": "MISC",
"url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19933",
"datePublished": "2018-12-17T18:00:00.000Z",
"dateReserved": "2018-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:51:17.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}