CVE-2024-7300 | Bolt CMS 3.7.1 Showcase Creation showcases textarea cross site scripting

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2024-7300. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Vendor was contacted early and confirmed that the affected release tree is end-of-life.

CVE-2024-7300 | Bolt CMS 3.7.1 Showcase Creation showcases textarea cross site scripting

Post correlati

CVE-2024-10467 | Mozilla Thunderbird up to 131 memory corruption

CVE-2023-35841 | Phoenix WinFlash Driver prior 4.5.0.0 on Windows IOCTL permission assignment

CVE-2023-42830 | Apple macOS App Store Privilege Escalation

CVE-2024-6540 | OTRS up to 8.0.x/2023.x/2024.4.x Ticket improper filtering of special elements