jpvispo

1 exploit Active since Jun 2020
CVE-2020-4040 NOMISEC HIGH NO CODE
Bolt CMS < 3.7.1 - Cross-Site Request Forgery in Preview Generation Endpoint
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1
CVSS 8.6