CVE-2024-7299
CVSS 2.0 Score 4.0 of 10 (medium)
Details
Published Jul 31, 2024
CWE ID 79
Summary
CVE-2024-7299: A critical cross-site scripting (XSS) vulnerability was identified in the unsupported Bolt CMS 3.7.1. The issue lies in the processing of the /preview/page file within the Entry Preview Handler component, where manipulation of the argument body can lead to remote XSS attacks. The exploit has been made public, posing a significant risk. Although the vendor confirmed that the affected release tree is end-of-life, it is essential for organizations using this software to upgrade or mitigate the vulnerability immediately.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- CMs