Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.4.
AnalysisAI
Bold Page Builder through version 5.6.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into web pages. An attacker with user privileges can craft malicious input that persists in the application and executes in the browsers of other users who view the affected pages, potentially leading to credential theft or unauthorized actions. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects boldthemes Bold Page Builder bold-page-builder. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.4.
Affected ProductsAI
Product: boldthemes Bold Page Builder bold-page-builder.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today