PT-2017-11761 · Bolt · Bolt Cms
Pranav Jagtap +1 · Published 2017-07-17 · Updated 2025-02-14 · CVE-2017-11128
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Bolt CMS version 3.2.14
Description
The issue allows stored XSS via text input, as demonstrated by the Title field of a New Entry. This can be exploited by injecting malicious code into the text input fields.
Recommendations
For Bolt CMS version 3.2.14, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the text input fields, such as the Title field of a New Entry, to minimize the risk of exploitation. Avoid using the title field in the affected entry creation process until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Bolt Cms