CVE-2017-11128

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.