CVE-2019-9553: Cross-site Scripting

December 31, 2019 (updated January 3, 2020)

Bolt has an XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.

References

nvd.nist.gov/vuln/detail/CVE-2019-9553
packetstormsecurity.com/files/151943/Bold-CMS-3.6.4-Cross-Site-Scripting.html
www.exploit-db.com/exploits/46495

Code Behaviors & Features

Detect and mitigate CVE-2019-9553 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →