Blackcat-Cms: >> Blackcat Cms >> 1.4 Security Vulnerabilities
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-15
Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter.
CVSS Score
7.2
EPSS Score
0.006
Published
2025-12-15