CVE-2022-24227

MEDIUM

BoltWire 7.10 and 8.00 - Cross-Site Scripting via Name and Lastname Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24227. PoCs published by Cyber-Wo0dy.

AI-analyzed exploit summary: This repository provides a detailed writeup for CVE-2022-24227, a stored XSS vulnerability in BoltWire CMS v8.00. It includes steps to reproduce the issue using malicious scripts in the 'First Name' and 'Last Name' fields during member registration.

Description

A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.

Exploits (1)

nomisec WRITEUP
by Cyber-Wo0dy · poc
https://github.com/Cyber-Wo0dy/CVE-2022-24227-updated

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: BoltWire CMS v8.00
Auth required
Prerequisites: Access to member registration page · Administrator interaction to trigger payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.1
EPSS 0.0222
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
boltwire/boltwire 7.10
boltwire/boltwire 8.00
Published Feb 15, 2022
Tracked Since Feb 18, 2026