Bolt CMS vulnerabilities
4 known vulnerabilities affecting bolt/cms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2025-34086 | P2 | HIGH | CVSS 8.8 | CWE-94 | PoC | ≤ 3.7.0 | 2025-07-03
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached se
nvd
CVE-2024-7300 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v3.7.1 | 2024-07-31
A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the
nvd
CVE-2024-7299 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v3.7.1 | 2024-07-31
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclo
nvd
CVE-2026-11511 | P4 | LOW | CVSS 3.5 | CWE-74 | v3.7.0, v3.7.1 +4 more | 2026-06-08
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack remotely. The exploit has been made available to the public
nvd