CVE-2024-7300 — LOW (3.5) — White Hats Nepal

Vulnerability Description

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Boltcms	Bolt	3.7.1

Related Weaknesses (CWE)

CWE-79

References

https://vuldb.com/?ctiid.273168Permissions RequiredVDB Entry
https://vuldb.com/?id.273168Permissions RequiredVDB Entry
https://vuldb.com/?submit.380678ExploitVDB Entry

FAQ

What is CVE-2024-7300?

CVE-2024-7300 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The mani...

How severe is CVE-2024-7300?

CVE-2024-7300 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7300?

Check the references section above for vendor advisories and patch information. Affected products include: Boltcms Bolt.