Blackcat Cms Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-09-27
A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2023-09-27
A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2021-07-09
A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2021-07-09
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2021-02-16
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2020-09-15
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-12-10
Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-06-14
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.
CVSS Score: 7.5
EPSS Score: 0.338
Published: 2018-02-28
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2017-09-12

