Stored XSS Vulnerability in Black Cat CMS 1.4.1 Allows Arbitrary Code Execution via Crafted Website Header Parameter

Stored XSS Vulnerability in Black Cat CMS 1.4.1 Allows Arbitrary Code Execution via Crafted Website Header Parameter

CVE-2023-44042 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.

Learn more about our Web App Pen Testing.