131 matches found
CVE-2021-27237
The admin panel in BlackCat CMS 1.3.6 allows stored XSS by an admin via the Display Name field to backend/preferences/ajaxsave.php...
CVE-2023-53891
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...
CVE-2023-53891
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...
CVE-2023-53892
Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...
CVE-2023-53892
Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...
CVE-2023-53891 Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...
CVE-2023-53892
Summary: CVE-2023-53892 affects Blackcat CMS 1.4 with a remote code execution flaw in the jquery plugin manager. Authenticated admins can upload ZIP packages containing a PHP shell and trigger arbitrary system commands by accessing the uploaded plugin file with a code parameter. Affected software...
CVE-2023-53891
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability exploitable by authenticated users via the page modification interface. Malicious JavaScript payloads inserted into page content can execute when other users view the affected page. Root cause and impact are as described in con...
PT-2025-51310
Name of the Vulnerable Software and Affected Versions Blackcat CMS version 1.4 Description Blackcat CMS version 1.4 has a remote code execution issue. Authenticated administrators can upload malicious PHP files using the jquery plugin manager. An attacker can upload a zip file containing a PHP...
PT-2025-51309
Name of the Vulnerable Software and Affected Versions Blackcat CMS version 1.4 Description Blackcat CMS version 1.4 has a stored cross-site scripting issue. Authenticated users can inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification...
EUVD-2020-18139
Malware in sbrugna...
EUVD-2017-18540
Malware in sbrugna...
EUVD-2017-5187
Malware in sbrugna...
EUVD-2017-5562
Malware in sbrugna...
EUVD-2017-5902
Malware in sbrugna...
EUVD-2015-5476
Malware in sbrugna...
EUVD-2017-5564
Malware in sbrugna...
EUVD-2020-18509
Malware in sbrugna...
EUVD-2018-8440
Malware in sbrugna...
EUVD-2017-5563
Malware in sbrugna...