Blackcatdevelopment
Products
1- 9 CVEs
Recent CVEs (9)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5079 | | Hig | 0.53 | 7.5 | 0.18 | | Feb 28, 2018 | Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. |
| CVE-2017-9609 | | Med | 0.35 | 5.4 | 0.02 | | Jul 17, 2017 | Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. |
| CVE-2015-5521 | | Med | 0.31 | 4.8 | 0.01 | | Jul 14, 2015 | Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. |
| CVE-2020-25453 | | | 0.03 | — | 0.06 | | Sep 15, 2020 | An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. |
| CVE-2023-53892 | | | 0.00 | — | 0.01 | | Dec 15, 2025 | Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing… |
| CVE-2023-53891 | | | 0.00 | — | 0.00 | | Dec 15, 2025 | Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised… |
| CVE-2021-27237 | | | 0.00 | — | 0.01 | | Feb 16, 2021 | The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. |
| CVE-2018-16635 | | | 0.00 | — | 0.01 | | Dec 10, 2018 | Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. |
| CVE-2018-10821 | | Med | 0.00 | 4.8 | 0.01 | | Jun 14, 2018 | Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. |