TROYANOSYVIRUS
Voltar para CVEs

CVE-2018-10821

MEDIUM
4.8

Descricao

Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.

Detalhes CVE

Pontuacao CVSS v3.14.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioREQUIRED
Publicado6/14/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

blackcat-cms:blackcat_cms

Fraquezas (CWE)

CWE-79

Referencias

https://github.com/BlackCatDevelopment/BlackCatCMS/commit/a817755828cd0bfd4b87b0eb5cec59ffe57d3c3e(cve@mitre.org)
https://github.com/BlackCatDevelopment/BlackCatCMS/issues/384(cve@mitre.org)
https://github.com/BlackCatDevelopment/BlackCatCMS/commit/a817755828cd0bfd4b87b0eb5cec59ffe57d3c3e(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/BlackCatDevelopment/BlackCatCMS/issues/384(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.