CVE-2020-7853
published 2021-03-24
CVE-2020-7853: An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can…
Priority: P3 · 52 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.83% (52.9th percentile)
An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit this to execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bolt | bolt | >= 0 < 3.7.1 | 3.7.1 |
| tobesoft | xplatform | <= 9.2.2.250 | — |
| tobesoft | xplatform | >= unspecified < 9.2.2.250 | 9.2.2.250 |
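CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |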
GHSA
GHSA-w5q8-p7wr-hcrr: An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read
ghsa_unreviewed·2022-05-24
CVE-2020-7853 [CRITICAL] CWE-787 GHSA-w5q8-p7wr-hcrr: An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read
An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit this to execute arbitrary code.
GHSA
CSRF issue on preview pages in Bolt CMS
ghsa·2020-06-09
CVE-2020-4040 [HIGH] CWE-352 CSRF issue on preview pages in Bolt CMS
### Impact
Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.
### Patches
This has been fixed in Bolt 3.7.1.
### References
Related issue: https://github.com/bolt/bolt/pull/7853
GHSA
The filename of uploaded files vulnerable to stored XSS
ghsa·2020-06-09
CVE-2020-4041 [HIGH] CWE-79 The filename of uploaded files vulnerable to stored XSS
### Impact
The filename of uploaded files was vulnerable to stored XSS. It is not possible to inject JavaScript code into the file name when creating/uploading the file. However, once created/uploaded, the file can be renamed to inject the payload into its name.
Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented.
### Patches
This is fixed in Bolt 3.7.1.
### References
Related issue: https://github.com/bolt/bolt/pull/7853
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-03-24