Skip to main content

Bolt CVE-2019-15483

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-08-23 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 23, 2019 - 13:15 nvd
MEDIUM 6.1

DescriptionNVD

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.

AnalysisAI

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Affected products include: Boltcms Bolt. Version information: before 3.6.10.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Bolt

View all
CVE-2025-34086 HIGH POC
8.8 Jul 03

Pandora FMS monitoring platform version 7.0NG and earlier contains an authenticated command injection in the net_tools.p

CVE-2015-7309 MEDIUM POC
6.5 Sep 22

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authent

CVE-2019-10874 HIGH POC
8.8 Apr 05

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to ex

CVE-2019-9185 HIGH POC
8.8 Mar 07

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitr

CVE-2020-4041 MEDIUM POC
6.1 Jun 08

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. Rated medium severity (CV

CVE-2019-9553 MEDIUM POC
6.1 Dec 31

Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and

CVE-2019-20058 MEDIUM POC
6.1 Dec 29

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profil

CVE-2023-5214 CRITICAL
9.8 Oct 06

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. Rated critical severity (CVSS 9.8

CVE-2017-11128 MEDIUM POC
5.4 Jul 17

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. Rated medium severi

CVE-2017-11127 MEDIUM POC
5.4 Jul 17

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. Rated medium

CVE-2024-7300 MEDIUM POC
5.3 Jul 31

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vulne

CVE-2024-7299 MEDIUM POC
5.3 Jul 31

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vuln

Share

CVE-2019-15483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy