Cross-Site Scripting Vulnerability in BlackCatCMS by BlackCat Development
CVE-2018-10821

4.8MEDIUM

Key Information:

Vendor

Blackcat-cms

Status
Blackcat Cms
Vendor
CVE Published:
14 June 2018

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2018-10821?

A cross-site scripting (XSS) vulnerability exists in BlackCatCMS 1.3, enabling remote authenticated users with Admin privileges to inject arbitrary web scripts or HTML. This issue arises in the modify.php file located in the backend/pages directory, particularly through the search panel. Attackers can exploit this vulnerability, potentially leading to unauthorized actions and compromised security within the web application environment.

References

https://github.com/BlackCatDevelopment/BlackCatCMS/issues...
x_refsource_CONFIRM
https://github.com/BlackCatDevelopment/BlackCatCMS/commit...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

JSON
.
CVE-2018-10821 : Cross-Site Scripting Vulnerability in BlackCatCMS by BlackCat Development