A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2024-7300. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Vendor was contacted early and confirmed that the affected release tree is end-of-life.