Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boltwire | boltwire | * |
Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boltwire | boltwire | 3.2.4 |
| boltwire | boltwire | 3.2.0 |
| boltwire | boltwire | 3.05 |
| boltwire | boltwire | 3.15 |
| boltwire | boltwire | 3.4.5 |
| boltwire | boltwire | 3.4.15 |
| boltwire | boltwire | 3.4.10 |
| boltwire | boltwire | 3.2.10 |
| boltwire | boltwire | 3.17 |
| boltwire | boltwire | 3.3.2 |
| boltwire | boltwire | 3.4.13 |
| boltwire | boltwire | * |
| boltwire | boltwire | 3.01 |
| boltwire | boltwire | 3.16 |
| boltwire | boltwire | 3.12 |
| boltwire | boltwire | 3.4 |
| boltwire | boltwire | 3.4.6 |
| boltwire | boltwire | 3.3.9 |
| boltwire | boltwire | 3.4.9 |
| boltwire | boltwire | 3.2.6 |
| boltwire | boltwire | 3.06 |
| boltwire | boltwire | 3.2.1 |
| boltwire | boltwire | 3.11 |
| boltwire | boltwire | 3.02 |
| boltwire | boltwire | 3.2.8 |
| boltwire | boltwire | 3.2.3 |
| boltwire | boltwire | 3.2.9 |
| boltwire | boltwire | 3.3.8 |
| boltwire | boltwire | 3.4.8 |
| boltwire | boltwire | 3.2.7 |
| boltwire | boltwire | 3.4.14 |
| boltwire | boltwire | 3.14 |
| boltwire | boltwire | 3.4.2 |
| boltwire | boltwire | 3.2.11 |
| boltwire | boltwire | 3.04 |
| boltwire | boltwire | 3.13 |
| boltwire | boltwire | 3.09 |
| boltwire | boltwire | 3.10 |
| boltwire | boltwire | 3.07 |
| boltwire | boltwire | 3.2.2 |
| boltwire | boltwire | 3.4.3 |
| boltwire | boltwire | 3.3 |
| boltwire | boltwire | 3.18 |
| boltwire | boltwire | 3.4.1 |
| boltwire | boltwire | 3.3.5 |
| boltwire | boltwire | 3.2.5 |
| boltwire | boltwire | 3.3.7 |
| boltwire | boltwire | 3.4.11 |
| boltwire | boltwire | 3.4.16 |
| boltwire | boltwire | 3.08 |
| boltwire | boltwire | 3.4.7 |
| boltwire | boltwire | 3.3.3 |
| boltwire | boltwire | 3.3.6 |
| boltwire | boltwire | 3.4.12 |
| boltwire | boltwire | 3.3.1 |
| boltwire | boltwire | 3.4.4 |
| boltwire | boltwire | 3.03 |
| boltwire | boltwire | 3.0 |
| boltwire | boltwire | 3.3.4 |
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boltwire | boltwire | 7.10 |
| boltwire | boltwire | 8.00 |
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boltwire | boltwire | 6.03 |