Skip to main content

Bolt CVE-2019-15484

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-08-23 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 23, 2019 - 13:15 nvd
MEDIUM 6.1

DescriptionNVD

Bolt before 3.6.10 has XSS via an image's alt or title field.

AnalysisAI

Bolt before 3.6.10 has XSS via an image's alt or title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Bolt before 3.6.10 has XSS via an image's alt or title field. Affected products include: Boltcms Bolt. Version information: before 3.6.10.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Bolt

View all
CVE-2025-34086 HIGH POC
8.8 Jul 03

Pandora FMS monitoring platform version 7.0NG and earlier contains an authenticated command injection in the net_tools.p

CVE-2015-7309 MEDIUM POC
6.5 Sep 22

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authent

CVE-2019-10874 HIGH POC
8.8 Apr 05

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to ex

CVE-2019-9185 HIGH POC
8.8 Mar 07

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitr

CVE-2020-4041 MEDIUM POC
6.1 Jun 08

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. Rated medium severity (CV

CVE-2019-9553 MEDIUM POC
6.1 Dec 31

Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and

CVE-2019-20058 MEDIUM POC
6.1 Dec 29

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profil

CVE-2023-5214 CRITICAL
9.8 Oct 06

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. Rated critical severity (CVSS 9.8

CVE-2017-11128 MEDIUM POC
5.4 Jul 17

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. Rated medium severi

CVE-2017-11127 MEDIUM POC
5.4 Jul 17

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. Rated medium

CVE-2024-7300 MEDIUM POC
5.3 Jul 31

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vulne

CVE-2024-7299 MEDIUM POC
5.3 Jul 31

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vuln

Share

CVE-2019-15484 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy