PT-2017-11761 · Bolt · Bolt Cms
Pranav Jagtap +1 · Published 2017-07-17 · Updated 2025-02-14 · CVE-2017-11128
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Bolt CMS version 3.2.14
Description
The issue allows stored XSS via text input, as demonstrated by the Title field of a New Entry. This can be exploited by injecting malicious code into the text input fields.
Recommendations
For Bolt CMS version 3.2.14, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the text input fields, such as the Title field of a New Entry, to minimize the risk of exploitation. Avoid using the title field in the affected entry creation process until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Bolt Cms