blackcat-cms 漏洞與 CVE 列表(19)

產品(CPE): — CVE 數: 19

blackcat-cms 漏洞概覽

彙總 blackcat-cms 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 跨站腳本、CSRF與路徑處理缺陷,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持與檔案覆寫 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11919 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2023-53892 Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter. [email protected] 8.6 0.78% 2025-12-15 2026-06-17
CVE-2023-53891 Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page. [email protected] 5.1 0.21% 2025-12-15 2026-06-17
CVE-2023-44043 A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter. [email protected] 6.1 0.48% 2023-09-27 2026-06-17
CVE-2023-44042 A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. [email protected] 5.4 0.45% 2023-09-27 2026-06-17
CVE-2020-25878 A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. [email protected] 4.8 0.54% 2021-07-09 2026-06-16
CVE-2020-25877 A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. [email protected] 5.4 0.51% 2021-07-09 2026-06-16
CVE-2021-27237 The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. [email protected] 4.8 0.96% 2021-02-16 2026-06-16
CVE-2020-25453 An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. [email protected] 8.8 6.28% 2020-09-15 2026-06-16
CVE-2018-16635 Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. [email protected] 5.4 0.57% 2018-12-10 2026-06-16
CVE-2018-10821 Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. [email protected] 4.8 1.01% 2018-06-14 2026-06-16
CVE-2015-5079 Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. [email protected] 7.5 17.31% 2018-02-28 2026-06-16
CVE-2017-14399 In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. [email protected] 8.8 1.05% 2017-09-12 2026-06-16
CVE-2017-14050 In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. [email protected] 8.8 1.16% 2017-08-31 2026-06-16
CVE-2017-14049 In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. [email protected] 5.4 0.58% 2017-08-31 2026-06-16
CVE-2017-14048 BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. [email protected] 8.8 0.55% 2017-08-31 2026-06-16
CVE-2017-13670 In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. [email protected] 6.5 0.84% 2017-08-31 2026-06-16
CVE-2017-9609 Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. [email protected] 5.4 1.52% 2017-07-17 2026-06-16
CVE-2015-5521 Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. [email protected] 4.8 0.73% 2015-07-14 2026-06-16
CVE-2014-5259 Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. [email protected] 4.3 2.04% 2014-09-12 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence