CVE-2023-44043: GitHub - Gi0rgi0R/xss_installation_blackcat_cms_1.4.1: XSS in install page in BlackCat CMS 1.4.1

A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website footer parameter.

README.md (latest commit: "Update README.md", September 22, 2023 19:17)


XSS in BlackCat CMS install page

Software link: BlackCat CMS [https://blackcat-cms.org/]

Version: 1.4.1

@author: Jorge Riopedre

Description: BlackCat CMS 1.4.1 is affected by a Cross-site scripting (XSS) vulnerability in upload/install/index.php that allows remote attackers to inject arbitrary web script or HTML via the ‘Website Title’ parameter.

POC

When performing the installation and entering the site settings, the ‘Website title’ field is vulnerable to the injection of arbitrary code.
