Vulnerabilities > Blackcat CMS

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2020-25877 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6
A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
3.5
2021-07-09 CVE-2020-25878 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6
A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules.
3.5
2021-02-16 CVE-2021-27237 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
3.5
2020-09-15 CVE-2020-25453 Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS
An issue was discovered in BlackCat CMS before 1.4.
6.8
2018-12-10 CVE-2018-16635 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.2
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
3.5
2018-06-14 CVE-2018-10821 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3
Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.
3.5
2018-02-28 CVE-2015-5079 Path Traversal vulnerability in Blackcat-Cms Blackcat CMS
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a ..
network
low complexity
blackcat-cms CWE-22
5.0
2017-09-12 CVE-2017-14399 Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2.2
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
network
low complexity
blackcat-cms CWE-434
6.5
2017-08-31 CVE-2017-14050 Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
network
low complexity
blackcat-cms CWE-434
6.5
2017-08-31 CVE-2017-14049 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2
In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.
3.5