BlackCat CMS 1.3.6 Stored Cross Site Scripting (XSS)

2021.05.26

Ali Seddigh (IR)

Risk: Low

Local: Yes

Remote: Yes

CVE: N/A

CWE: N/A

|===========================================================================
| # Exploit Title : BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Software Link : https://blackcat-cms.org/page/download.php
|
| # Vendor Homepage : https://blackcat-cms.org/
|
| # Tested on : [ Windows ~> 10 ]
|
| # Version : 1.3.6
|
| # Date : 2021-05-26
|===========================================================================
|
| # Step 1 : Login to admin account in http://TARGET/backend/start/index.php
| # Step 2 : Then click on the "Addons"
| # Step 3 : Click on "Create new"
| # Step 4 : Input "<script>alert("Ali Triplex")</script>" in the field "Module / language name"
| # Step 5 : Update or visit new page.
|
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

BlackCat CMS 1.3.6 Stored Cross Site Scripting (XSS)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.