Stored Cross-Site Scripting in BlackCat CMS by BlackCat Development
CVE-2020-25878

4.8MEDIUM

Key Information:

Vendor

Blackcat-cms

Status
Blackcat Cms
Vendor
CVE Published:
9 July 2021

What is CVE-2020-25878?

A stored cross-site scripting vulnerability exists in the 'Admin-Tools' feature of BlackCat CMS version 1.3.6. This issue allows authenticated attackers to inject and execute arbitrary web scripts or HTML code by crafting payloads through the 'Output Filters' and 'Droplets' modules. If exploited, this vulnerability could lead to unauthorized access and potential manipulation of sensitive information within the application.

References

https://blackcat-cms.org/
x_refsource_MISC
https://github.com/BlackCatDevelopment/BlackCatCMS/issues...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2020-25878 : Stored Cross-Site Scripting in BlackCat CMS by BlackCat Development