Blackcat-Cms: >> Blackcat Cms >> 1.3.6 Security Vulnerabilities
A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-09
A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-09
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-02-16
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-09-15