Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
GSA_kwCzR0hTQS0yZzIzLXFtbXAtZnZtcs4AAjK6
Bolt Cross-site Scripting via the slug, teaser or title parameters
| Affected Packages | Affected Versions | Fixed Versions | |
|---|---|---|---|
| packagist:bolt/bolt | = 3.6.4 | No known fixed version | |
Affected Version RangesAll affected versions |
|||