Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-s5qk-9k2c-nubd
Vulnerability ID VCID-s5qk-9k2c-nubd
Aliases CVE-2020-4040
GHSA-2q66-6cc3-6xm8
Summary CSRF issue on preview pages in Bolt CMS
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 8.6 http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
generic_textual HIGH http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2020-4040
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2020-4040
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2020-4040
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2020-4040
cvssv3.1 8.6 http://seclists.org/fulldisclosure/2020/Jul/4
generic_textual HIGH http://seclists.org/fulldisclosure/2020/Jul/4
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-2q66-6cc3-6xm8
cvssv3.1 8.6 https://github.com/bolt/bolt
generic_textual HIGH https://github.com/bolt/bolt
cvssv3.1 8.6 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
generic_textual HIGH https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
cvssv3.1 8.6 https://github.com/bolt/bolt/pull/7853
generic_textual HIGH https://github.com/bolt/bolt/pull/7853
cvssv3.1 8.6 https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
cvssv3.1_qr HIGH https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
generic_textual HIGH https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
cvssv3.1 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-4040
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-4040
Reference id Reference type URL
http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
https://api.first.org/data/v1/epss?cve=CVE-2020-4040
http://seclists.org/fulldisclosure/2020/Jul/4
https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
https://github.com/bolt/bolt/pull/7853
CVE-2020-4040 https://nvd.nist.gov/vuln/detail/CVE-2020-4040
GHSA-2q66-6cc3-6xm8 https://github.com/advisories/GHSA-2q66-6cc3-6xm8
GHSA-2q66-6cc3-6xm8 https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2020/Jul/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/bolt/bolt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/bolt/bolt/pull/7853
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-4040
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.71929
EPSS Score 0.00674
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:26:12.670712+00:00 GHSA Importer Import https://github.com/advisories/GHSA-2q66-6cc3-6xm8 38.6.0