PT-2019-16071

007-Prankster

Published: 2019-12-29 · Updated: 2024-08-05 · CVE-2019-20058

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Bolt version 3.7.0

Description: Bolt 3.7.0 allows XSS because unsanitized search input is rendered on the profiler page when the Symfony Web Profiler is used. This issue is disputed, as profiling was never intended for use in production.

Recommendations: For Bolt version 3.7.0, disable the Symfony Web Profiler in production environments to minimize the risk of exploitation. As a temporary workaround, avoid using the search input on the profiler page until the issue is resolved.

XSS

Related Identifiers: CVE-2019-20058

Affected Products: Bolt, Symfony Webprofiler