cve/2018/CVE-2018-19933.md

CVE-2018-19933

Description

Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.

POC

Reference

• https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting
• https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting
• https://www.exploit-db.com/exploits/46014/
• https://www.exploit-db.com/exploits/46014/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting