Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Blackcat_cms
(Blackcat\-Cms)| Repositories | https://github.com/BlackCatDevelopment/BlackCatCMS |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-44043 | A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter. | Blackcat_cms | 6.1 | ||
| 2023-09-27 | CVE-2023-44042 | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. | Blackcat_cms | 5.4 | ||
| 2015-07-14 | CVE-2015-5521 | Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. | Blackcat_cms | 4.8 | ||
| 2020-09-15 | CVE-2020-25453 | An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | Blackcat_cms | 8.8 | ||
| 2021-07-09 | CVE-2020-25878 | A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | Blackcat_cms | 4.8 | ||
| 2021-07-09 | CVE-2020-25877 | A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | Blackcat_cms | 5.4 | ||
| 2021-02-16 | CVE-2021-27237 | The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | Blackcat_cms | 4.8 | ||
| 2018-06-14 | CVE-2018-10821 | Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. | Blackcat_cms | N/A | ||
| 2017-08-31 | CVE-2017-13670 | In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. | Blackcat_cms | 6.5 | ||
| 2018-02-28 | CVE-2015-5079 | Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. | Blackcat_cms | 7.5 |