Search criteria
12 vulnerabilities found for boltwire by boltwire
FKIE_CVE-2023-46501
Vulnerability from fkie_nvd - Published: 2023-11-07 18:15 - Updated: 2024-11-21 08:28
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Cyber-Wo0dy/CVE-2023-46501 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Cyber-Wo0dy/CVE-2023-46501 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boltwire:boltwire:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "84ABC7A6-D478-4A63-AC45-549A74EF404F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function."
},
{
"lang": "es",
"value": "Un problema en BoltWire v.6.03 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para la funci\u00f3n de ver y cambiar la contrase\u00f1a de administrador."
}
],
"id": "CVE-2023-46501",
"lastModified": "2024-11-21T08:28:36.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-07T18:15:08.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Cyber-Wo0dy/CVE-2023-46501"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Cyber-Wo0dy/CVE-2023-46501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-24227
Vulnerability from fkie_nvd - Published: 2022-02-15 15:15 - Updated: 2025-05-05 17:17
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/Nguyen-Trung-Kien/CVE | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Nguyen-Trung-Kien/CVE | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boltwire:boltwire:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8071ECE1-3C9D-4CA4-8104-CB31901E0128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BB53C63A-0CA3-4B5C-A5BF-BEB48FC05586",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en BoltWire versi\u00f3n v7.10, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga \u00fatil dise\u00f1ada en los par\u00e1metros name y lastname"
}
],
"id": "CVE-2022-24227",
"lastModified": "2025-05-05T17:17:59.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-02-15T15:15:12.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2013-0737
Vulnerability from fkie_nvd - Published: 2020-01-02 21:15 - Updated: 2024-11-21 01:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
References
| URL | Tags | ||
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/84698 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/84698 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boltwire:boltwire:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47853691-2D7C-494A-B1B0-27CA96FA7835",
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en BoltWire versi\u00f3n 3.5 y anteriores, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro fieldnames."
}
],
"id": "CVE-2013-0737",
"lastModified": "2024-11-21T01:48:06.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T21:15:12.513",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2651
Vulnerability from fkie_nvd - Published: 2013-10-23 16:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boltwire:boltwire:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47853691-2D7C-494A-B1B0-27CA96FA7835",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3024B825-17AB-4566-BDA2-6CDE2C62AFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "ED82066A-FAA4-4DB7-955B-6283F8D99FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5B2974-D7E7-4F68-A6AA-B871D212896C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65964BE5-9F7B-4862-9A62-C949AF887623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFED4FE-F8D3-4742-AE63-F6FCA7517EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCAFFD7-57E4-4EDF-9F4C-C30ED43FA7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "650204FB-33EE-47AE-9B13-782A32117BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7032266F-5A09-4A27-A046-627307D515A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "127BA7BA-86B7-466B-9B0B-4A40905308D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "63591791-EE0F-4373-852C-E59467CEB4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85DBCBE2-1E40-4567-8916-9C7C69B901F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDA1FD2-4BB2-4571-A5EB-4653B08FC8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3CD3CC-416C-4B92-A31C-DD62D4A1DFBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6B98C081-51DF-4381-99DF-F6CD5E8EBA20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E67AFB-8CC8-4CCA-9EA0-290BDB6BFB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "F830108A-ABA0-406C-A3B1-83A8FA4EE41E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6D963B-3D9C-4997-88C0-4EFF20ECDB60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "407364D8-FC64-4932-A485-389C06B90DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E45DCB90-BF0F-4278-A9BB-1586DC99D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC5AF01-6F5E-4478-A84C-40A1F2D35094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D22ECF24-E8AF-4F8F-A6AD-E06F360C7D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "589D282B-35E3-4A86-A9CF-FE7DEC9E477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF6BDBB-D4D2-4670-9FA4-9B1CCF8CEA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3874A0B-0BDA-4273-96BF-7E01FC8D009F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B14B0482-3B0D-40B4-9A0F-014D4E3384DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "778B29F8-4193-4CBB-A7FD-2F7BBBFE684B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1E1DB3-2421-43FC-88F7-FBDD52854C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.04:*:*:*:*:*:*:*",
"matchCriteriaId": "230634A5-C1E2-48AA-90CD-192CDD7AFC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD46E37-AD97-45B8-BF1F-F240EE32CD24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC30D942-75C2-4060-AEF5-790FD4561497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0093AA5B-6EF0-4AD9-988D-C7AE9CD3829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24A9D2A0-114F-4E5D-9442-B4AFDD6E9947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C79F2130-B679-4F4F-AFC1-339440410EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA89D86-4CDD-462D-8D89-2F18DE80478F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD34AD4-6FD8-4E6E-A76E-68B482F4CE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EC6B6F-7B34-4D93-A425-CD4FB332BB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "26FC1EDA-D172-40DE-87D8-CC96CB49E435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F367210-DC30-4EA5-B663-23C3F9751152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E57721-19C7-4ED3-AFD6-90C3923D2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DC937970-44E6-4F1A-B700-4BAC2888B798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0E472C-A8C6-4C17-A5A3-AEC9302C83CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7F47E7A9-47D4-4710-A456-944756E79C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D2740B75-3CFF-4131-AB54-2C2662D627FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF22079C-21B3-4D72-AB00-C8A141498D25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "E781C0E2-ECE4-4A49-A30E-08724AFC3113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.06:*:*:*:*:*:*:*",
"matchCriteriaId": "9C29F3A0-2B70-4029-9722-7951AB17E16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.07:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA2C894-A0DC-4FA3-86D5-D8104A570792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.08:*:*:*:*:*:*:*",
"matchCriteriaId": "18A699E1-8925-42F2-B27F-F4D095824A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.09:*:*:*:*:*:*:*",
"matchCriteriaId": "5129F3D1-E452-425E-8036-0ECB4634B51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "983E0A97-FE78-41C7-9DF6-E08B8E04F494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "10687A39-958D-4FBB-9BF2-B13038176AAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2881CADF-B446-4A26-BB9F-69C3BBC321B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F24C2E8D-D8C5-414B-98D1-CA8D68CED13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EE85A831-05DA-4CEA-9518-A33D5C5DEDCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "971C4170-6955-436C-BF75-DC73B6C1B4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C2222F-1BDB-45DB-A6CA-F4A58E279B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FAFA20E7-6E33-43D9-93B2-6AA9747D966A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:boltwire:boltwire:3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "57DCD391-9E36-4093-8C86-1CEDA108F0F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en BoltWire 3.5 y anteriores versiones permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de (1) \"p\" o (2) parametro de contenido a index.php."
}
],
"id": "CVE-2013-2651",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-23T16:54:28.720",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123558"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-46501 (GCVE-0-2023-46501)
Vulnerability from cvelistv5 – Published: 2023-11-07 00:00 – Updated: 2024-09-05 14:22
VLAI?
Summary
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:42.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cyber-Wo0dy/CVE-2023-46501"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:boltwire:boltwire:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "boltwire",
"vendor": "boltwire",
"versions": [
{
"status": "affected",
"version": "6.03"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46501",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:20:08.783852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:22:52.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T17:15:49.096504",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control"
},
{
"url": "https://github.com/Cyber-Wo0dy/CVE-2023-46501"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46501",
"datePublished": "2023-11-07T00:00:00",
"dateReserved": "2023-10-23T00:00:00",
"dateUpdated": "2024-09-05T14:22:52.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24227 (GCVE-0-2022-24227)
Vulnerability from cvelistv5 – Published: 2022-02-15 00:00 – Updated: 2025-05-05 16:24
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:01.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:31:03.443165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:24:41.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T22:21:29.602Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf"
},
{
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24227",
"datePublished": "2022-02-15T00:00:00.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:24:41.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0737 (GCVE-0-2013-0737)
Vulnerability from cvelistv5 – Published: 2020-01-02 20:13 – Updated: 2024-08-06 14:33
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BoltWire",
"vendor": "BoltWire",
"versions": [
{
"status": "affected",
"version": "3.5 and earlier"
}
]
}
],
"datePublic": "2013-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T20:13:58",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-0737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BoltWire",
"version": {
"version_data": [
{
"version_value": "3.5 and earlier"
}
]
}
}
]
},
"vendor_name": "BoltWire"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-0737",
"datePublished": "2020-01-02T20:13:58",
"dateReserved": "2013-01-02T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2651 (GCVE-0-2013-2651)
Vulnerability from cvelistv5 – Published: 2013-10-23 15:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire \u003c= v3.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123558"
},
{
"name": "boltwire-cve20132651-xss(87809)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire \u003c= v3.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123558"
},
{
"name": "boltwire-cve20132651-xss(87809)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire \u003c= v3.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"name": "http://packetstormsecurity.com/files/123558",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123558"
},
{
"name": "boltwire-cve20132651-xss(87809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2651",
"datePublished": "2013-10-23T15:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:33.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46501 (GCVE-0-2023-46501)
Vulnerability from nvd – Published: 2023-11-07 00:00 – Updated: 2024-09-05 14:22
VLAI?
Summary
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:42.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cyber-Wo0dy/CVE-2023-46501"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:boltwire:boltwire:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "boltwire",
"vendor": "boltwire",
"versions": [
{
"status": "affected",
"version": "6.03"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46501",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:20:08.783852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:22:52.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T17:15:49.096504",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control"
},
{
"url": "https://github.com/Cyber-Wo0dy/CVE-2023-46501"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46501",
"datePublished": "2023-11-07T00:00:00",
"dateReserved": "2023-10-23T00:00:00",
"dateUpdated": "2024-09-05T14:22:52.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24227 (GCVE-0-2022-24227)
Vulnerability from nvd – Published: 2022-02-15 00:00 – Updated: 2025-05-05 16:24
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:01.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:31:03.443165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:24:41.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T22:21:29.602Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Nguyen-Trung-Kien/CVE"
},
{
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24227/CVE-2022-24227.pdf"
},
{
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v8.00/boltwire_xss"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24227",
"datePublished": "2022-02-15T00:00:00.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:24:41.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0737 (GCVE-0-2013-0737)
Vulnerability from nvd – Published: 2020-01-02 20:13 – Updated: 2024-08-06 14:33
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BoltWire",
"vendor": "BoltWire",
"versions": [
{
"status": "affected",
"version": "3.5 and earlier"
}
]
}
],
"datePublic": "2013-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T20:13:58",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-0737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BoltWire",
"version": {
"version_data": [
{
"version_value": "3.5 and earlier"
}
]
}
}
]
},
"vendor_name": "BoltWire"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-0737",
"datePublished": "2020-01-02T20:13:58",
"dateReserved": "2013-01-02T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2651 (GCVE-0-2013-2651)
Vulnerability from nvd – Published: 2013-10-23 15:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire \u003c= v3.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123558"
},
{
"name": "boltwire-cve20132651-xss(87809)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire \u003c= v3.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123558"
},
{
"name": "boltwire-cve20132651-xss(87809)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire \u003c= v3.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"name": "http://packetstormsecurity.com/files/123558",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123558"
},
{
"name": "boltwire-cve20132651-xss(87809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2651",
"datePublished": "2013-10-23T15:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:33.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}