Blackcat Cms@1.3.6 Security Vulnerabilities and Issues — Blackcat Cms@1.3.6 CVE List

Lucene search

Blackcat-cmsBlackcat Cms1.3.6

3 matches found

CVE•added 2021/07/09 10:15 p.m.•72 views

CVE-2020-25877

A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.

5.4CVSS5.2AI score0.00163EPSS

CVE•added 2021/07/09 10:15 p.m.•57 views

CVE-2020-25878

A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules.

4.8CVSS5AI score0.00224EPSS

CVE•added 2021/02/16 7:15 p.m.•33 views

CVE-2021-27237

The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.

4.8CVSS4.8AI score0.0034EPSS