Product:

Blackcat_cms

(Blackcat\-Cms)
Repositories https://github.com/BlackCatDevelopment/BlackCatCMS
#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2020-09-15 CVE-2020-25453 An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. Blackcat_cms 8.8
2021-02-16 CVE-2021-27237 The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. Blackcat_cms 4.8
2021-07-09 CVE-2020-25877 A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. Blackcat_cms 5.4
2021-07-09 CVE-2020-25878 A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. Blackcat_cms 4.8
2023-09-27 CVE-2023-44042 A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. Blackcat_cms 5.4
2023-09-27 CVE-2023-44043 A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter. Blackcat_cms 6.1
2015-07-14 CVE-2015-5521 Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. Blackcat_cms 4.8