GHSA-xhqw-4hcq-fcvr

Source
https://github.com/advisories/GHSA-xhqw-4hcq-fcvr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-xhqw-4hcq-fcvr/GHSA-xhqw-4hcq-fcvr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xhqw-4hcq-fcvr
Aliases
  • CVE-2024-7300
Published
2024-07-31T09:30:49Z
Modified
2024-08-19T22:12:04.357161Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
Bolt CMS Cross-site Scripting vulnerability
Details

* UNSUPPORTED WHEN ASSIGNED * A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. Manipulation of the argument textarea leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273168. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The vendor was contacted early and confirmed that the affected release tree is end-of-life.

Database specific
{
    "nvd_published_at": "2024-07-31T07:15:02Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-19T21:49:26Z"
}
References

Affected packages

Packagist / bolt/bolt

Package

Name
bolt/bolt
Purl
pkg:composer/bolt/bolt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
3.7.1

Affected versions

v0.*

v0.8.4
v0.8.5
v0.9.5
v0.9.10

v1.*

v1.0.0
v1.0.5
v1.1.2
v1.1.4
v1.2.1
v1.3.0
v1.4.0
v1.4.3
v1.5.1
v1.5.6
v1.6.0
v1.6.2
v1.6.3
v1.6.3.1
v1.6.9

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.1
v2.1.1-pl1
v2.1.2
v2.1.3
v2.1.3-pl1
v2.1.4
v2.1.4-pl1
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.8-pl1
v2.1.9
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2.10
v2.2.11
v2.2.13
v2.2.14
v2.2.15
v2.2.16
v2.2.17
v2.2.18
v2.2.19
v2.2.19-pl1
v2.2.20
v2.2.21
v2.2.22
v2.2.23
v2.2.24
v2.2.25

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.0.10
v3.0.11
v3.0.12
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.2.15
v3.2.16
v3.2.17
v3.2.18
v3.2.19
v3.2.20
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.11
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.6.0-beta.1
v3.6.0-beta.2
v3.6.0-beta.3
v3.6.0-beta.4
v3.6.0-beta.5
v3.6.0-beta.6
v3.6.0-beta.7
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8
v3.6.9
v3.6.10
v3.6.11
v3.7.0

3.*

3.5.7
3.7.1