CVE-2026-11511
LOW
2,0
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW
3,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM
4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none
Description
AI Translation Available
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The GitHub repository was archived by the owner and is now read-only. This vulnerability only affects products that are no longer supported by the maintainer.
74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Other
Integrity
Non-Repudiation
Potential Impacts:
Read Application Data
Bypass Protection Mechanism
Alter Execution Logic
Other
Hide Activities
Applicable Platforms
All platforms may be affected
80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Potential Impacts:
Read Application Data
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
Web Based, Web Server
https://vuldb.com/submit/836106
https://vuldb.com/cve/CVE-2026-11511
https://vuldb.com/submit/836106
https://vuldb.com/vuln/369131
https://vuldb.com/vuln/369131/cti