CVE-2026-11511

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Bolt CMS versions prior to 3.7.6

Description An issue exists in the HTML Attribute Handler component within the file src/Storage/Field/Type/TextType.php. A remote attacker can perform HTML injection by manipulating the style argument. This affects products that are no longer supported by the maintainer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80CWE-74

Related Identifiers

CVE-2026-11511

Affected Products

Bolt Cms

CVE-2026-11511

Weakness Enumeration

Related Identifiers

Affected Products

References · 6