Vendor: BlackCat CMS
By: Kamaljeet Kumar - TATA Advanced Systems Limited
CVSS: 7.5 (HIGH)
CWE: 79 - Cross Site Scripting (XSS)
Product Name: BlackCat CMS
Affected Version From: 1.3.6
Affected Version To: 1.3.6
Patch Exists: NO
Related CWE: N/A
CPE: a:blackcat-cms:blackcat_cms
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2021
BlackCat CMS 1.3.6 – ‘Display name’ Cross Site Scripting (XSS)
To exploit this vulnerability, an attacker logs in to the admin panel and clicks the admin profile button. They then enter the XSS payload " onmouseover=alert(1) " in the Display name field and click the Save button. After refreshing the page and hovering the mouse over the Display name field, the injected payload executes and the alert message pops up.
Mitigation:
Input validation and output encoding should be used to prevent XSS attacks.
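As an added illustration of the mitigation (this is example Python, not BlackCat CMS's own PHP code), the block below renders a Display name into an HTML attribute the unsafe way and the encoded way, and adds an assumed allowlist validator for the field. It uses the payload quoted in the advisory as a constructed input and Python's html.parser to show which attributes a browser-like parser would actually see in each rendering. The field name, the allowlist policy and the form markup are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input: the payload string given in the advisory.
PAYLOAD = '" onmouseover=alert(1) "'

# Assumed input-validation policy (not BlackCat CMS's rule): letters, digits,
# spaces, dot, apostrophe and hyphen, 1..64 characters. Quotes, '=' and
# parentheses are rejected outright.
DISPLAY_NAME_RE = re.compile(r"[\w .'\-]{1,64}")


def validate_display_name(name: str) -> bool:
    """Input validation: True only if the whole name matches the allowlist."""
    return DISPLAY_NAME_RE.fullmatch(name) is not None


def render_profile_field_vulnerable(display_name: str) -> str:
    """Unsafe rendering: the value is concatenated into the attribute unencoded.
    A leading double quote in the value closes the attribute early, and the
    rest of the string is parsed as additional attributes of the <input> tag."""
    return '<input type="text" name="display_name" value="' + display_name + '">'


def render_profile_field_safe(display_name: str) -> str:
    """Output encoding for an HTML attribute context: html.escape(quote=True)
    turns " into &quot; and ' into &#x27;, so the value cannot close the
    attribute and no new attribute can be injected."""
    encoded = html.escape(display_name, quote=True)
    return '<input type="text" name="display_name" value="{}">'.format(encoded)


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> tag seen."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input" and not self.attrs:
            self.attrs = dict(attrs)


def parse_input_attrs(markup: str) -> dict:
    """Return the attributes an HTML parser sees on the rendered <input> tag.
    Character references in attribute values are decoded, as a browser would."""
    parser = _InputAttrs()
    parser.feed(markup)
    return parser.attrs


if __name__ == "__main__":
    print("validation accepts payload:", validate_display_name(PAYLOAD))
    for label, render in (("vulnerable", render_profile_field_vulnerable),
                          ("encoded", render_profile_field_safe)):
        markup = render(PAYLOAD)
        attrs = parse_input_attrs(markup)
        print(label, "->", markup)
        print("  parsed attributes:", sorted(attrs))
        print("  injected onmouseover handler present:", "onmouseover" in attrs)
```

Running it shows the unencoded rendering yields an onmouseover attribute on the input element, while the encoded rendering keeps the entire payload inside the value attribute as inert text; the validator rejects the payload before it is ever stored.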