PT-2020-17848 · Bolt · Bolt Cms

Bobdenotter +1 · Published 2020-06-08 · Updated 2022-10-07 · CVE-2020-4041

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Bolt CMS versions prior to 3.7.1

Description

The filename of uploaded files was vulnerable to stored XSS. JavaScript code cannot be injected into the file name when the file is created or uploaded, but once the file exists it can be renamed so that the name carries the payload. Additionally, the measures to prevent renaming a file to a disallowed filename extension could be circumvented.

Recommendations

For versions prior to 3.7.1, update to Bolt 3.7.1 to resolve the issue. As a temporary workaround, consider restricting the ability to rename uploaded files until the update is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-4041
GHSA-68Q3-7WJP-7Q3J

Affected Products

Bolt Cms