PT-2017-13223 · Blackcat · Blackcat Cms
Published
2017-08-31
·
Updated
2017-09-01
·
CVE-2017-14049
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
BlackCat CMS version 1.2
Description
The issue allows remote authenticated users to conduct cross-site scripting (XSS) attacks. This can be achieved via the Website header or Website footer field in the backend/settings/ajax save settings.php file.
Recommendations
For BlackCat CMS version 1.2, consider restricting access to the backend/settings/ajax save settings.php file until a patch is available, and avoid using the Website header or Website footer fields in this file to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Blackcat Cms