CVE-2023-53891

Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

blackcat-cms · Blackcat CMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blackcat-cms.org/https://www.exploit-db.com/exploits/51604 https://www.vulncheck.com/advisories/blackcat-cms-stored-cross-site-scripting-via-page-modification