2 matches found
CVE-2021-27237
The admin panel in BlackCat CMS 1.3.6 allows stored XSS by an admin via the Display Name field to backend/preferences/ajaxsave.php...
CVE-2021-27237
The CVE-2021-27237 issue affects BlackCat CMS 1.3.6: the admin panel allows stored XSS via the Display Name field sent to backend/preferences/ajax_save.php. Multiple connected records (Red Hat, CNVD, NVD, OSV, etc.) document this stored XSS in BlackCat CMS 1.3.6, with no further technical details...