blackcat-cms blackcat cms vulnerabilities and exploits
CVE-2014-5259
Score: NA
Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the msg parameter.
Blackcat-cms Blackcat Cms

CVE-2020-25453
CVSSv3 score: 8.8
An issue exists in BlackCat CMS prior to 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
Blackcat-cms Blackcat Cms

CVE-2015-5079
CVSSv3 score: 7.5
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS prior to 1.1.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the dl parameter.
Blackcat-cms Blackcat Cms
1 EDB exploit

CVE-2015-5521
CVSSv3 score: 4.8
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.
Blackcat-cms Blackcat Cms 1.1.2

CVE-2021-27237
CVSSv3 score: 4.8
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
Blackcat-cms Blackcat Cms 1.3.6

CVE-2017-14399
CVSSv3 score: 8.8
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
Blackcat-cms Blackcat Cms 1.2.2

CVE-2020-25877
CVSSv3 score: 5.4
A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
Blackcat-cms Blackcat Cms 1.3.6

CVE-2017-13670
CVSSv3 score: 6.5
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.
Blackcat-cms Blackcat Cms 1.2

CVE-2017-14049
CVSSv3 score: 5.4
In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.
Blackcat-cms Blackcat Cms 1.2

CVE-2023-44042
CVSSv3 score: 5.4
A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.
Blackcat-cms Blackcat Cms 1.4.1