Vulmon
blackcat-cms blackcat cms vulnerabilities and exploits
8.8
CVSSv3
CVE-2017-14399
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
Blackcat-cms Blackcat Cms 1.2.2
4.8
CVSSv3
CVE-2021-27237
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
Blackcat-cms Blackcat Cms 1.3.6
4.8
CVSSv3
CVE-2018-10821
Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.
Blackcat-cms Blackcat Cms 1.3
1 Github repository
4.8
CVSSv3
CVE-2020-25878
A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated malicious users to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' m...
Blackcat-cms Blackcat Cms 1.3.6
5.4
CVSSv3
CVE-2017-9609
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
Blackcat-cms Blackcat Cms 1.2
1 Github repository
6.5
CVSSv3
CVE-2017-13670
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.
Blackcat-cms Blackcat Cms 1.2
5.4
CVSSv3
CVE-2018-16635
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
Blackcat-cms Blackcat Cms 1.3.2