BlackCat CMS 1.3.6 Stored Cross Site Scripting (XSS)

|===========================================================================
| # Exploit Title : BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
|                                                                           
| # Author : Ali Seddigh                                            
|                                                                           
| # Category : Web Application
|
| # Software Link : https://blackcat-cms.org/page/download.php               
|
| # Vendor Homepage : https://blackcat-cms.org/
|                                                                           
| # Tested on : [ Windows ~> 10 ]                                                     
|
| # Version : 1.3.6
|                  
| # Date : 2021-05-26                                                        
|===========================================================================
|
| # Step 1 : Login to admin account in http://TARGET/backend/start/index.php
| # Step 2 : Then click on the "Addons"
| # Step 3 : Click on "Create new"
| # Step 4 : Input "<script>alert("Ali Triplex")</script>" in the field "Module / language name"
| # Step 5 : Update or visit new page.
|
|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================