Bolt CMS HTML Injection Vulnerability in TextType.php Component

Vulnerability

A vulnerability allowing HTML injection has been identified in Bolt CMS versions prior to 3.7.5. The issue arises in the HTML Attribute Handler, specifically within the file src/Storage/Field/Type/TextType.php. By manipulating the argument style, it is possible to inject HTML. This vulnerability can be exploited remotely and has been publicly disclosed. It affects unsupported products.

Impact

Exploitation of this vulnerability allows for HTML injection, which could be used to manipulate the way content is displayed or to execute malicious scripts in the context of the user's browser.

Added: Jun 8, 2026, 1:26 PM

Updated: Jun 8, 2026, 1:26 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

8.2

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

8.2

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Bolt CMS HTML Injection Vulnerability in TextType.php Component

Vulnerability

Impact

Affected Products

Bolt CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating