EPSS
Percentile
79.0%
bolt/bolt is vulnerable to cross-site scripting attacks. A malicious user can inject and execute arbitrary web script through the filename parameter during renaming the file after creating/uploading the file.
packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
seclists.org/fulldisclosure/2020/Jul/4
github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
github.com/bolt/bolt/pull/7853
github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j