PT-2021-17344 · Unknown · Blackcat Cms
Published
2021-02-16
·
Updated
2021-02-17
·
CVE-2021-27237
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
BlackCat CMS version 1.3.6
Description:
The issue concerns stored XSS in the admin panel of BlackCat CMS, specifically via the
Display Name field. This occurs when an admin interacts with the "backend/preferences/ajax save.php" endpoint.Recommendations:
For BlackCat CMS version 1.3.6, consider restricting access to the
Display Name field in the admin panel until a fix is available. As a temporary workaround, avoid using the Display Name field to prevent potential exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Blackcat Cms