Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/53807?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53807?format=api", "purl": "pkg:composer/bolt/bolt@3.2.15", "type": "composer", "namespace": "bolt", "name": "bolt", "version": "3.2.15", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40805?format=api", "vulnerability_id": "VCID-1wh7-r7g1-e7hz", "summary": "Unrestricted Upload of File with Dangerous Type\n`Controller/Async/FilesystemManager.php` in the filemanager in Bolt allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a `.php` extension.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77761", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77754", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77727", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9185" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/bolt/bolt/blob/v3.6.5/changelog.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/bolt/bolt/blob/v3.6.5/changelog.md" }, { "reference_url": "https://github.com/bolt/bolt/pull/7745", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/pull/7745" }, { "reference_url": "https://github.com/bolt/bolt/releases/tag/v3.6.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/releases/tag/v3.6.5" }, { "reference_url": "https://www.hacksecproject.com/?p=293", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hacksecproject.com/?p=293" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9185", "reference_id": "CVE-2019-9185", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9185" }, { "reference_url": "https://github.com/advisories/GHSA-gmg5-f2gm-p3h7", "reference_id": "GHSA-gmg5-f2gm-p3h7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gmg5-f2gm-p3h7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57543?format=api", "purl": 
"pkg:composer/bolt/bolt@3.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-dj4e-fqt2-r3ap" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, { "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" }, { "vulnerability": "VCID-u9hk-ce69-83gw" }, { "vulnerability": "VCID-uyas-urd2-puaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.5" } ], "aliases": [ "CVE-2019-9185", "GHSA-gmg5-f2gm-p3h7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1wh7-r7g1-e7hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54442?format=api", "vulnerability_id": "VCID-66gv-4k2x-5bgp", "summary": "OS Command injection in Bolt\nBolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the \"How to Harden Your PHP for Better Security\" guidance.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57307", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57299", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28925" }, { "reference_url": "https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a" }, { "reference_url": "https://github.com/bolt/bolt/compare/3.7.1...3.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/compare/3.7.1...3.7.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28925", "reference_id": "CVE-2020-28925", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28925" }, { "reference_url": "https://github.com/advisories/GHSA-w8cj-mvf9-mpc9", "reference_id": "GHSA-w8cj-mvf9-mpc9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w8cj-mvf9-mpc9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80639?format=api", "purl": "pkg:composer/bolt/bolt@3.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.7.2" } ], "aliases": [ "CVE-2020-28925", "GHSA-w8cj-mvf9-mpc9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66gv-4k2x-5bgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55607?format=api", "vulnerability_id": "VCID-6nxv-q8hv-rkbt", "summary": "Bolt CMS Cross-site Scripting vulnerability\n** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been 
found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273168. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31567", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7300" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://vuldb.com/?ctiid.273168", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T13:21:55Z/" } ], "url": "https://vuldb.com/?ctiid.273168" }, { "reference_url": "https://vuldb.com/?id.273168", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T13:21:55Z/" } ], "url": "https://vuldb.com/?id.273168" }, { "reference_url": "https://vuldb.com/?submit.380678", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": 
"3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T13:21:55Z/" } ], "url": "https://vuldb.com/?submit.380678" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7300", "reference_id": "CVE-2024-7300", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7300" }, { "reference_url": "https://github.com/advisories/GHSA-xhqw-4hcq-fcvr", "reference_id": "GHSA-xhqw-4hcq-fcvr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xhqw-4hcq-fcvr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80639?format=api", "purl": "pkg:composer/bolt/bolt@3.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.7.2" } ], "aliases": [ "CVE-2024-7300", "GHSA-xhqw-4hcq-fcvr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6nxv-q8hv-rkbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40520?format=api", "vulnerability_id": "VCID-avzc-ejy9-kkdh", "summary": "Cross-site Scripting\nBolt CMS allows XSS via text input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02243", "scoring_system": "epss", "scoring_elements": "0.84869", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02243", "scoring_system": "epss", "scoring_elements": "0.84897", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02243", "scoring_system": "epss", "scoring_elements": "0.84892", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19933" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting" }, { "reference_url": "https://www.exploit-db.com/exploits/46014", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46014" }, { "reference_url": "https://www.exploit-db.com/exploits/46014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46014/" }, { "reference_url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46014.txt", "reference_id": "CVE-2018-19933", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46014.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19933", "reference_id": "CVE-2018-19933", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19933" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57130?format=api", "purl": "pkg:composer/bolt/bolt@3.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wh7-r7g1-e7hz" }, { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-dj4e-fqt2-r3ap" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, 
{ "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" }, { "vulnerability": "VCID-u9hk-ce69-83gw" }, { "vulnerability": "VCID-uyas-urd2-puaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.2" } ], "aliases": [ "CVE-2018-19933", "GHSA-gjx6-58xh-p7pw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avzc-ejy9-kkdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39126?format=api", "vulnerability_id": "VCID-b7k5-t7x5-t7gz", "summary": "Incorrect Permission Assignment for Critical Resource\nBolt does not properly restrict access to `_profiler routes`, related to `EventListener/ProfilerListener.php` and `Provider/EventListenerServiceProvider.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59852", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59848", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59799", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16754" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/bolt/bolt/commit/aa21787241945457a2e4abc8b079672935fe0840", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/commit/aa21787241945457a2e4abc8b079672935fe0840" }, { "reference_url": "https://github.com/bolt/bolt/releases/tag/v3.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/releases/tag/v3.3.6" }, { "reference_url": "http://www.securityfocus.com/bid/101777", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/101777" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16754", "reference_id": "CVE-2017-16754", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16754" }, { "reference_url": "https://github.com/advisories/GHSA-wr23-m9m2-jjf4", "reference_id": "GHSA-wr23-m9m2-jjf4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wr23-m9m2-jjf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54638?format=api", "purl": "pkg:composer/bolt/bolt@3.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wh7-r7g1-e7hz" }, { "vulnerability": 
"VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-avzc-ejy9-kkdh" }, { "vulnerability": "VCID-dj4e-fqt2-r3ap" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, { "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" }, { "vulnerability": "VCID-u9hk-ce69-83gw" }, { "vulnerability": "VCID-uyas-urd2-puaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.3.6" } ], "aliases": [ "CVE-2017-16754", "GHSA-wr23-m9m2-jjf4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7k5-t7x5-t7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51766?format=api", "vulnerability_id": "VCID-dj4e-fqt2-r3ap", "summary": "Cross-site Scripting\nBolt has XSS via an image's alt or title field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54035", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54099", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54091", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15484" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/bolt/bolt/pull/7801", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/pull/7801" }, { "reference_url": "https://github.com/bolt/bolt/releases/tag/v3.6.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/releases/tag/v3.6.10" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15484", "reference_id": "CVE-2019-15484", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15484" }, { "reference_url": "https://github.com/advisories/GHSA-fp8m-xw3f-6h7x", "reference_id": "GHSA-fp8m-xw3f-6h7x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fp8m-xw3f-6h7x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75892?format=api", "purl": "pkg:composer/bolt/bolt@3.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, { "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.10" } ], "aliases": [ "CVE-2019-15484", "GHSA-fp8m-xw3f-6h7x" ], "risk_score": 3.1, "exploitability": "0.5", 
"weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dj4e-fqt2-r3ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52683?format=api", "vulnerability_id": "VCID-juxv-sxxr-s3d8", "summary": "Cross-site Scripting\nIn Bolt CMS, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-4041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.6368", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63729", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63722", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-4041" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Jul/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "http://seclists.org/fulldisclosure/2020/Jul/4" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f" }, { "reference_url": "https://github.com/bolt/bolt/pull/7853", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/pull/7853" }, { "reference_url": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4041", "reference_id": "CVE-2020-4041", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4041" }, { "reference_url": "https://github.com/advisories/GHSA-68q3-7wjp-7q3j", "reference_id": "GHSA-68q3-7wjp-7q3j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68q3-7wjp-7q3j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77473?format=api", "purl": "pkg:composer/bolt/bolt@3.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.7.1" } ], "aliases": [ "CVE-2020-4041", "GHSA-68q3-7wjp-7q3j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-juxv-sxxr-s3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52685?format=api", "vulnerability_id": "VCID-m63y-x2d4-9ya4", "summary": "Cross-Site Request Forgery (CSRF)\nBolt CMS lacks CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. 
But due to lack of proper CSRF protection, unauthorized users could generate a preview.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-4040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.71881", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.71842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.71887", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-4040" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Jul/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2020/Jul/4" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f" }, { "reference_url": "https://github.com/bolt/bolt/pull/7853", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/pull/7853" }, { "reference_url": "https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4040", "reference_id": "CVE-2020-4040", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4040" }, { "reference_url": "https://github.com/advisories/GHSA-2q66-6cc3-6xm8", "reference_id": "GHSA-2q66-6cc3-6xm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2q66-6cc3-6xm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77473?format=api", "purl": "pkg:composer/bolt/bolt@3.7.1", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.7.1" } ], "aliases": [ "CVE-2020-4040", "GHSA-2q66-6cc3-6xm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m63y-x2d4-9ya4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57571?format=api", "vulnerability_id": "VCID-mdzj-jtgu-zycy", "summary": "Bolt CMS vulnerable to authenticated remote code execution\nBolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. 
Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file.\n\nNOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-34086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.67402", "scoring_system": "epss", "scoring_elements": "0.98587", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-34086" }, { "reference_url": "https://boltcms.io/newsitem/major-announcements-bolt-3-eol-bolt-4-2-5-0-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-07T19:02:46Z/" } ], "url": "https://boltcms.io/newsitem/major-announcements-bolt-3-eol-bolt-4-2-5-0-releases" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-07T19:02:46Z/" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/bolt/bolt/blob/3.7/src/Controller/Backend/Users.php#L279-L311", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/bolt/bolt/blob/3.7/src/Controller/Backend/Users.php#L279-L311" }, { "reference_url": "https://github.com/bolt/bolt/releases/tag/3.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-07T19:02:46Z/" } ], "url": "https://github.com/bolt/bolt/releases/tag/3.7.1" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/bolt_authenticated_rce.rb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-07T19:02:46Z/" } ], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/bolt_authenticated_rce.rb" }, { "reference_url": "https://www.exploit-db.com/exploits/48296", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-07T19:02:46Z/" } ], "url": "https://www.exploit-db.com/exploits/48296" }, { "reference_url": "https://www.rapid7.com/db/modules/exploit/unix/webapp/bolt_authenticated_rce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rapid7.com/db/modules/exploit/unix/webapp/bolt_authenticated_rce" }, { "reference_url": "https://www.rapid7.com/db/modules/exploit/unix/webapp/bolt_authenticated_rce/", "reference_id": "bolt_authenticated_rce", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-07T19:02:46Z/" } ], "url": "https://www.rapid7.com/db/modules/exploit/unix/webapp/bolt_authenticated_rce/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34086", "reference_id": "CVE-2025-34086", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34086" }, { "reference_url": "https://github.com/advisories/GHSA-p9qc-8jjx-g8cg", "reference_id": "GHSA-p9qc-8jjx-g8cg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p9qc-8jjx-g8cg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77473?format=api", "purl": "pkg:composer/bolt/bolt@3.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.7.1" } ], "aliases": [ "CVE-2025-34086", "GHSA-p9qc-8jjx-g8cg" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdzj-jtgu-zycy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42880?format=api", "vulnerability_id": "VCID-mt2z-nyas-5qer", "summary": "Improper Control of Generation of Code ('Code Injection')\nBolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme and perform server-side template injection, which leads to remote code execution.", "references": [ { "reference_url": "http://boltcms.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://boltcms.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05034", "scoring_system": "epss", "scoring_elements": "0.89934", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05034", "scoring_system": "epss", "scoring_elements": "0.89935", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05034", "scoring_system": "epss", "scoring_elements": "0.89918", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40219" }, { "reference_url": "https://github.com/bolt/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/core" }, { "reference_url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php" }, { "reference_url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219", "reference_id": "CVE-2021-40219", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40219", "reference_id": "CVE-2021-40219", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40219" }, { "reference_url": "https://github.com/advisories/GHSA-gprh-7767-cw39", "reference_id": "GHSA-gprh-7767-cw39", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gprh-7767-cw39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61313?format=api", "purl": "pkg:composer/bolt/bolt@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@4.2.1" } ], "aliases": [ "CVE-2021-40219", "GHSA-gprh-7767-cw39" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt2z-nyas-5qer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51765?format=api", 
"vulnerability_id": "VCID-u9hk-ce69-83gw", "summary": "Cross-site Scripting\nBolt is vulnerable to XSS via `createFolder` or `createFile` in `Controller/Async/FilesystemManager.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54091", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54099", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54035", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15485" }, { "reference_url": "https://github.com/bolt/bolt/pull/7800", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/pull/7800" }, { "reference_url": "https://github.com/bolt/bolt/releases/tag/v3.6.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/releases/tag/v3.6.10" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15485", "reference_id": "CVE-2019-15485", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15485" }, { "reference_url": 
"https://github.com/advisories/GHSA-cj8p-53v9-2c26", "reference_id": "GHSA-cj8p-53v9-2c26", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj8p-53v9-2c26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75892?format=api", "purl": "pkg:composer/bolt/bolt@3.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, { "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.10" } ], "aliases": [ "CVE-2019-15485", "GHSA-cj8p-53v9-2c26" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9hk-ce69-83gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51769?format=api", "vulnerability_id": "VCID-uyas-urd2-puaz", "summary": "Cross-site Scripting\nBolt is vulnerable to XSS via a title that is mishandled in the system log.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45035", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45108", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15483" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://github.com/bolt/bolt/pull/7802", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/pull/7802" }, { "reference_url": "https://github.com/bolt/bolt/releases/tag/v3.6.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt/releases/tag/v3.6.10" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15483", "reference_id": "CVE-2019-15483", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15483" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75892?format=api", "purl": "pkg:composer/bolt/bolt@3.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, { "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.10" } ], "aliases": [ "CVE-2019-15483", "GHSA-ph84-vg7q-fqq8" ], 
"risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyas-urd2-puaz" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38692?format=api", "vulnerability_id": "VCID-9bn5-8aq2-tyg8", "summary": "Cross-site Scripting\nBolt CMS allows stored XSS via text input, as demonstrated by the `Title` field of a new entry.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51819", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51809", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11128" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11128", "reference_id": "CVE-2017-11128", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53807?format=api", "purl": "pkg:composer/bolt/bolt@3.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wh7-r7g1-e7hz" }, { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-avzc-ejy9-kkdh" }, { "vulnerability": "VCID-b7k5-t7x5-t7gz" }, { "vulnerability": "VCID-dj4e-fqt2-r3ap" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, { "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" }, { "vulnerability": "VCID-u9hk-ce69-83gw" }, { "vulnerability": "VCID-uyas-urd2-puaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.2.15" } ], "aliases": [ "CVE-2017-11128", "GHSA-5r9j-698h-2h5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9bn5-8aq2-tyg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38695?format=api", "vulnerability_id": "VCID-vgbe-z9tk-8kbb", "summary": "Cross-site Scripting\nBolt CMS allows stored XSS by uploading an SVG document with a `Content-Type: image/svg+xml` header.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51819", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51809", "published_at": 
"2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11127" }, { "reference_url": "https://github.com/bolt/bolt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bolt/bolt" }, { "reference_url": "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://websecnerd.blogspot.in/2017/07/bolt-cms-3.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11127", "reference_id": "CVE-2017-11127", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53807?format=api", "purl": "pkg:composer/bolt/bolt@3.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wh7-r7g1-e7hz" }, { "vulnerability": "VCID-66gv-4k2x-5bgp" }, { "vulnerability": "VCID-6nxv-q8hv-rkbt" }, { "vulnerability": "VCID-avzc-ejy9-kkdh" }, { "vulnerability": "VCID-b7k5-t7x5-t7gz" }, { "vulnerability": "VCID-dj4e-fqt2-r3ap" }, { "vulnerability": "VCID-juxv-sxxr-s3d8" }, { "vulnerability": "VCID-m63y-x2d4-9ya4" }, { "vulnerability": "VCID-mdzj-jtgu-zycy" }, { "vulnerability": "VCID-mt2z-nyas-5qer" }, { "vulnerability": "VCID-u9hk-ce69-83gw" }, { "vulnerability": "VCID-uyas-urd2-puaz" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.2.15" } ], "aliases": [ "CVE-2017-11127", "GHSA-hqxc-w9vw-3hp5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbe-z9tk-8kbb" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.2.15" }