Stored XSS Vulnerability in BlackCat CMS 1.3.6 Admin-Tools Feature

Stored XSS Vulnerability in BlackCat CMS 1.3.6 Admin-Tools Feature

CVE-2020-25878 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules.

Learn more about our Web App Pen Testing.