CVE-2024-7300 | Bolt CMS 3.7.1 Showcase Creation showcases textarea cross site scripting

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2024-7300. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Vendor was contacted early and confirmed that the affected release tree is end-of-life.

CVE-2024-7300 | Bolt CMS 3.7.1 Showcase Creation showcases textarea cross site scripting

Post correlati

CVE-2024-25138 | AutomationDirect C-MORE EA9 HMI up to 6.77 credentials storage (icsa-24-086-01)

CVE-2024-36070 | tine prior 2023.11.8 LDAP setup.php getRegistryData information disclosure

CVE-2024-51093 | Snipe-IT 7.0.13 #files cross site scripting

CVE-2024-30922 | jeffpiazza DerbyNet 9.0 print/render/award.inc sql injection