VYPR
Vendor

Blackcatdevelopment

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2015-5079HigFeb 28, 2018
    risk 0.53cvss 7.5epss 0.18

    Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.

  • CVE-2017-9609MedJul 17, 2017
    risk 0.35cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.

  • CVE-2015-5521MedJul 14, 2015
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.

  • CVE-2020-25453Sep 15, 2020
    risk 0.03cvss epss 0.06

    An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.

  • CVE-2023-53892Dec 15, 2025
    risk 0.00cvss epss 0.01

    Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing…

  • CVE-2023-53891Dec 15, 2025
    risk 0.00cvss epss 0.00

    Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised…

  • CVE-2021-27237Feb 16, 2021
    risk 0.00cvss epss 0.01

    The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.

  • CVE-2018-16635Dec 10, 2018
    risk 0.00cvss epss 0.01

    Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.

  • CVE-2018-10821MedJun 14, 2018
    risk 0.00cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.