CVE-2023-44043

Name of the Vulnerable Software and Affected Versions Black Cat CMS version 1.4.1

Description A cross-site scripting (XSS) vulnerability exists in Black Cat CMS, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is present in two locations: the /install/index.php file, where the Website title parameter is vulnerable, and the /settings/index.php file.

Recommendations For Black Cat CMS version 1.4.1, as a temporary workaround, consider restricting access to the /install/index.php and /settings/index.php files until a patch is available. Avoid using the Website title parameter in the /install/index.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.