MidnightBSD

Advisories for boltwire

CVE-2013-0737 MEDIUM

Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
boltwire boltwire *

CVE-2013-2651 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
boltwire boltwire 3.2.4
boltwire boltwire 3.2.0
boltwire boltwire 3.05
boltwire boltwire 3.15
boltwire boltwire 3.4.5
boltwire boltwire 3.4.15
boltwire boltwire 3.4.10
boltwire boltwire 3.2.10
boltwire boltwire 3.17
boltwire boltwire 3.3.2
boltwire boltwire 3.4.13
boltwire boltwire *
boltwire boltwire 3.01
boltwire boltwire 3.16
boltwire boltwire 3.12
boltwire boltwire 3.4
boltwire boltwire 3.4.6
boltwire boltwire 3.3.9
boltwire boltwire 3.4.9
boltwire boltwire 3.2.6
boltwire boltwire 3.06
boltwire boltwire 3.2.1
boltwire boltwire 3.11
boltwire boltwire 3.02
boltwire boltwire 3.2.8
boltwire boltwire 3.2.3
boltwire boltwire 3.2.9
boltwire boltwire 3.3.8
boltwire boltwire 3.4.8
boltwire boltwire 3.2.7
boltwire boltwire 3.4.14
boltwire boltwire 3.14
boltwire boltwire 3.4.2
boltwire boltwire 3.2.11
boltwire boltwire 3.04
boltwire boltwire 3.13
boltwire boltwire 3.09
boltwire boltwire 3.10
boltwire boltwire 3.07
boltwire boltwire 3.2.2
boltwire boltwire 3.4.3
boltwire boltwire 3.3
boltwire boltwire 3.18
boltwire boltwire 3.4.1
boltwire boltwire 3.3.5
boltwire boltwire 3.2.5
boltwire boltwire 3.3.7
boltwire boltwire 3.4.11
boltwire boltwire 3.4.16
boltwire boltwire 3.08
boltwire boltwire 3.4.7
boltwire boltwire 3.3.3
boltwire boltwire 3.3.6
boltwire boltwire 3.4.12
boltwire boltwire 3.3.1
boltwire boltwire 3.4.4
boltwire boltwire 3.03
boltwire boltwire 3.0
boltwire boltwire 3.3.4

CVE-2022-24227 MEDIUM

A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
boltwire boltwire 7.10
boltwire boltwire 8.00

CVE-2023-46501

An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
boltwire boltwire 6.03