CVE-2024-7299

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published Jul 31, 2024

CWE ID 79

Summary

CVE-2024-7299: A critical cross-site scripting (XSS) vulnerability was identified in the unsupported Bolt CMS 3.7.1. The issue lies in the processing of the /preview/page file within the Entry Preview Handler component, where manipulation of the argument body can lead to remote XSS attacks. The exploit has been made public, posing a significant risk. Although the vendor confirmed that the affected release tree is end-of-life, it is essential for organizations using this software to upgrade or mitigate the vulnerability immediately.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xWERGA
https://www.cve.org/CVERecord?id=CVE-2024-7299
https://nvd.nist.gov/vuln/detail/CVE-2024-7299

Back to Vulnerability Database

CVE-2024-7299

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations