Known Vulnerabilities for products from Blackcat-cms
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Blackcat-cms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-44043 json | A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute... | 6.1 - MEDIUM | 2023-09-27 | 2023-10-06 |
| CVE-2023-44042 json | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute a... | 5.4 - MEDIUM | 2023-09-27 | 2023-09-28 |
| CVE-2021-27237 json | The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_... | 4.8 - MEDIUM | 2021-02-16 | 2021-02-17 |
| CVE-2020-25878 json | A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated att... | 4.8 - MEDIUM | 2021-07-09 | 2021-07-15 |
| CVE-2020-25877 json | A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attack... | 5.4 - MEDIUM | 2021-07-09 | 2021-07-14 |
| CVE-2020-25453 json | An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbi... | 8.8 - HIGH | 2020-09-15 | 2022-01-01 |
| CVE-2018-16635 json | Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. | 5.4 - MEDIUM | 2018-12-10 | 2019-02-26 |
| CVE-2018-10821 json | Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users wit... | 4.8 - MEDIUM | 2018-06-14 | 2020-06-04 |
| CVE-2017-14399 json | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as ... | 8.8 - HIGH | 2017-09-12 | 2017-09-19 |
| CVE-2017-14050 json | In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP arc... | 8.8 - HIGH | 2017-08-31 | 2017-09-01 |
| CVE-2017-14049 json | In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the... | 5.4 - MEDIUM | 2017-08-31 | 2017-09-01 |
| CVE-2017-14048 json | BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename pa... | 8.8 - HIGH | 2017-08-31 | 2017-09-01 |
| CVE-2017-13670 json | In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_uploa... | 6.5 - MEDIUM | 2017-08-31 | 2019-10-03 |
| CVE-2017-9609 json | Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script... | 5.4 - MEDIUM | 2017-07-17 | 2017-07-21 |
| CVE-2015-5521 json | Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML... | 4.8 - MEDIUM | 2015-07-14 | 2023-01-30 |
| CVE-2015-5079 json | Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary ... | 7.5 - HIGH | 2018-02-28 | 2019-04-29 |
| CVE-2014-5259 json | Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earl... | 4.3 - MEDIUM | 2014-09-12 | 2018-10-09 |
Known software with vulnerabilities from Blackcat-cms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Blackcat-cms | Blackcat Cms | 1.0 |