Cross-Site Scripting Vulnerability in Bolt CMS from Bolt
CVE-2018-19933

6.1MEDIUM

Key Information:

Vendor: Bolt
Status: Bolt Cms
Vendor: CVE Published:; 17 December 2018

What is CVE-2018-19933?

A cross-site scripting (XSS) vulnerability exists in Bolt CMS versions prior to 3.6.2, allowing attackers to inject malicious scripts through user input fields. This issue is particularly exploitable via the Title field in the New Entry and Configured Entry forms. By clicking the preview button, an attacker can execute the injected script within the context of another user's session, potentially leading to unauthorized actions or data theft.