CVE-2024-7300

Name of the Vulnerable Software and Affected Versions Bolt CMS version 3.7.1

Description A problematic vulnerability has been found in the Showcase Creation Handler component, affecting an unknown function of the file /bolt/editcontent/showcases. The manipulation of the textarea argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer, and the vendor has confirmed that the affected release tree is end-of-life.

Recommendations As a temporary workaround, consider disabling the unknown function of the file /bolt/editcontent/showcases until a patch is available. Restrict access to the Showcase Creation Handler component to minimize the risk of exploitation. Avoid using the textarea argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.