Moderate severityNVD Advisory· Published Jul 31, 2024· Updated Aug 19, 2024

Bolt CMS Showcase Creation showcases cross site scripting

CVE-2024-7300

Description

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
bolt/boltPackagist	<= 3.7.1	—

Affected products

ghsa-coords
pkg:composer/bolt/bolt
Range: <= 3.7.1
Bolt/CMSv5
Range: 3.7.1

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-xhqw-4hcq-fcvrghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-7300ghsaADVISORY
vuldb.comghsathird-party-advisoryWEB
vuldb.comghsasignaturepermissions-requiredWEB
vuldb.comghsavdb-entrytechnical-descriptionWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000