Gi0Rgi0R

**Name of the Vulnerable Software and Affected Versions** Black Cat CMS version 1.4.1 **Description** A stored cross-site scripting (XSS) issue in the `/settings/index.php` endpoint of Black Cat CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Website header` parameter. This enables attackers to potentially manipulate the website's behavior or steal user data. **Recommendations** For Black Cat CMS version 1.4.1, as a temporary workaround, consider restricting access to the `/settings/index.php` endpoint until a patch is available. Avoid using the `Website header` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Black Cat CMS version 1.4.1 **Description** A cross-site scripting (XSS) vulnerability exists in Black Cat CMS, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is present in two locations: the `/install/index.php` file, where the `Website title` parameter is vulnerable, and the `/settings/index.php` file. **Recommendations** For Black Cat CMS version 1.4.1, as a temporary workaround, consider restricting access to the `/install/index.php` and `/settings/index.php` files until a patch is available. Avoid using the `Website title` parameter in the `/install/index.php` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.