Boltwire: Security Vulnerabilities
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
CVSS Score
9.1
EPSS Score
0.109
Published
2023-11-07
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS Score
6.1
EPSS Score
0.033
Published
2022-02-15
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-01-02
Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-10-23