CVE-2017-11127: Bolt CMS Stored XSS

CVSS Score: 5.4 (CVSS 3.0)

Basic Information

EPSS Score: 0.43188%
Published: 5/17/2022
Updated: 10/31/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| bolt/bolt | composer | <= 3.2.14 | |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper input sanitization during SVG file uploads. Bolt CMS validates the MIME type ('image/svg+xml') but does not inspect or sanitize the SVG's XML content. The FileUploadController's upload() method is the logical entry point for handling file uploads, where content validation should occur. Since the attack requires only a valid Content-Type header and malicious SVG content, the absence of XML/script sanitization in this handler directly enables the stored XSS vulnerability.
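
One way to add the missing content inspection, shown as an added example that is not Bolt's code or part of the original advisory: an allow-list check that parses the uploaded SVG and reports script-capable elements and attributes. The function name `svgRejectReasons`, the element allow-list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not Bolt's code): inspect the SVG's XML,
// not just its declared MIME type. Returns reasons to reject; [] means none found.
const SVG_ALLOWED_ELEMENTS = ['svg', 'g', 'path', 'rect', 'circle', 'ellipse', 'line',
    'polyline', 'polygon', 'text', 'tspan', 'title', 'desc', 'defs',
    'lineargradient', 'radialgradient', 'stop', 'clippath', 'use'];

function svgRejectReasons(string $svg): array
{
    if (trim($svg) === '') {
        return ['empty upload'];
    }
    // A static drawing never needs a DTD; refusing it avoids entity expansion issues.
    if (stripos($svg, '<!DOCTYPE') !== false || stripos($svg, '<!ENTITY') !== false) {
        return ['DOCTYPE or ENTITY declaration'];
    }
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $parsed = $doc->loadXML($svg, LIBXML_NONET); // no network access while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$parsed || strtolower((string) $doc->documentElement->localName) !== 'svg') {
        return ['not a well-formed document with an <svg> root'];
    }
    $reasons = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $tag = strtolower($el->localName);
        if (!in_array($tag, SVG_ALLOWED_ELEMENTS, true)) {
            $reasons[] = "element <$tag> is not on the allow-list";
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->localName);
            if (strpos($name, 'on') === 0) {
                $reasons[] = "event-handler attribute $name on <$tag>";
            } elseif ($name === 'href' && strpos(trim($attr->value), '#') !== 0) {
                $reasons[] = "non-fragment href on <$tag>";
            }
        }
    }
    return array_values(array_unique($reasons));
}

// Constructed sample inputs; an upload handler would pass the uploaded file's bytes.
$static = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>';
$active = '<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><script>x()</script></svg>';
var_dump(svgRejectReasons($static));
var_dump(svgRejectReasons($active));
```

A content check like this complements, rather than replaces, serving uploaded files with `Content-Disposition: attachment` or under a restrictive Content-Security-Policy.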

WAF Protection Rules

WAF Rule

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
