CVE-2021-27237
Published
CVSS v3
4.8
MEDIUM
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
GitHub