Vulnerabilities > Blackcat CMS > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2020-25878 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | 3.5 |
| 2021-07-09 | CVE-2020-25877 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | 3.5 |
| 2021-02-16 | CVE-2021-27237 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | 3.5 |
| 2018-12-10 | CVE-2018-16635 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.2 Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. | 3.5 |
| 2018-06-14 | CVE-2018-10821 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3 Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. | 3.5 |
| 2017-08-31 | CVE-2017-14049 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2 In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | 3.5 |
| 2017-07-17 | CVE-2017-9609 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2 Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | 3.5 |