Stored Cross-Site Scripting Vulnerability in Black Cat CMS by Gi0rgi0R
CVE-2023-44042

5.4MEDIUM

Key Information:

Vendor: Blackcat-cms
Status: Blackcat Cms
Vendor: CVE Published:; 27 September 2023

🔔 Create Blackcat-cms Vulnerability Alert

What is CVE-2023-44042?

A stored cross-site scripting (XSS) vulnerability exists in the /settings/index.php file of Black Cat CMS version 1.4.1. This flaw enables attackers to execute arbitrary web scripts or HTML by injecting a crafted payload through the Website header parameter. Successful exploitation could lead to unauthorized access or manipulation of user data, posing a significant security risk to applications utilizing this CMS.

References

https://github.com/Gi0rgi0R/xss_frontend_settings_blackca...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 25, 2023

JSON