Vulnerabilities > Blackcat CMS > Blackcat CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-27 | CVE-2023-44042 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.4.1 A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. | 5.4 |
2023-09-27 | CVE-2023-44043 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.4.1 A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter. | 6.1 |
2021-07-09 | CVE-2020-25877 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | 3.5 |
2021-07-09 | CVE-2020-25878 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | 3.5 |
2021-02-16 | CVE-2021-27237 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | 3.5 |
2020-09-15 | CVE-2020-25453 | Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS An issue was discovered in BlackCat CMS before 1.4. | 6.8 |
2018-12-10 | CVE-2018-16635 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.2 Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. | 3.5 |
2018-02-28 | CVE-2015-5079 | Path Traversal vulnerability in Blackcat-Cms Blackcat CMS Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2017-09-12 | CVE-2017-14399 | Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2.2 In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | 6.5 |
2017-08-31 | CVE-2017-14050 | Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2 In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | 6.5 |