Blackcat-cms

Blackcat Cms

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2023-53892

Exploit
  • EPSS 0.95%
  • Veröffentlicht 15.12.2025 20:28:24
  • Zuletzt bearbeitet 17.12.2025 15:37:00

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary sy...

5.4

CVE-2023-53891

Exploit
  • EPSS 0.04%
  • Veröffentlicht 15.12.2025 20:28:24
  • Zuletzt bearbeitet 17.12.2025 15:35:35

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other u...

6.1

CVE-2023-44043

Exploit
  • EPSS 0.21%
  • Veröffentlicht 27.09.2023 15:19:35
  • Zuletzt bearbeitet 21.11.2024 08:25:10

A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter.

5.4

CVE-2023-44042

Exploit
  • EPSS 0.2%
  • Veröffentlicht 27.09.2023 15:19:35
  • Zuletzt bearbeitet 21.11.2024 08:25:10

A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.

4.8

CVE-2020-25878

Exploit
  • EPSS 0.33%
  • Veröffentlicht 09.07.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 05:18:57

A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules...

5.4

CVE-2020-25877

Exploit
  • EPSS 0.29%
  • Veröffentlicht 09.07.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 05:18:57

A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.

4.8

CVE-2021-27237

Exploit
  • EPSS 0.34%
  • Veröffentlicht 16.02.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:57:39

The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.

8.8

CVE-2020-25453

Exploit
  • EPSS 0.4%
  • Veröffentlicht 15.09.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:17:59

An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.

5.4

CVE-2018-16635

Exploit
  • EPSS 0.21%
  • Veröffentlicht 10.12.2018 19:29:25
  • Zuletzt bearbeitet 21.11.2024 03:53:06

Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.

4.8

CVE-2018-10821

Exploit
  • EPSS 0.33%
  • Veröffentlicht 14.06.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:05

Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.