CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/bolt/bolt/issues/7830
https://github.com/bolt/bolt/issues/7830

Products affected by CVE-2019-20058

Boltcms » Bolt » Version: 3.7.0

cpe:2.3:a:boltcms:bolt:3.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-20058

Products

Pricing

Contact Us