Lucene search

CVE-2021-27237

🗓️ 16 Feb 2021 19:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 30 Views🌐 WEB

The admin panel in BlackCat CMS 1.3.6 allows stored XSS via the Display Name fiel

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Prion	Design/Logic Flaw	16 Feb 202119:15	–	prion
Cvelist	CVE-2021-27237	16 Feb 202118:23	–	cvelist
CNVD	BlackCat CMS Cross-Site Scripting Vulnerability (CNVD-2021-14158)	19 Feb 202100:00	–	cnvd
NVD	CVE-2021-27237	16 Feb 202119:15	–	nvd
OSV	CVE-2021-27237	16 Feb 202119:15	–	osv

Nvd

Node

blackcat-cms blackcat_cmsMatch1.3.6

Source	Link
github	www.github.com/BlackCatDevelopment/BlackCatCMS/commits/release-1.4/upload/backend/preferences/ajax_save.php
exploit-db	www.exploit-db.com/exploits/49565
github	www.github.com/BlackCatDevelopment/BlackCatCMS/compare/1.3.6...1.4Beta

Parameter	Position	Path	Description	CWE
Display Name	request body	/backend/preferences/ajax_save.php	Stored XSS vulnerability in the Display Name field in BlackCat CMS admin panel.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Feb 2021 19:15Current

4.8Medium risk

Vulners AI Score4.8

CVSS23.5

CVSS34.8

EPSS0.0034

CWE-79