Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.
References
Link | Resource |
---|---|
https://github.com/BlackCatDevelopment/BlackCatCMS/commit/a817755828cd0bfd4b87b0eb5cec59ffe57d3c3e | Patch Third Party Advisory |
https://github.com/BlackCatDevelopment/BlackCatCMS/issues/384 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-14T16:00:00
Updated: 2018-06-14T15:57:02
Reserved: 2018-05-08T00:00:00
Link: CVE-2018-10821
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-14T16:29:00.207
Modified: 2020-06-04T14:36:00.147
Link: CVE-2018-10821
JSON object: View
Redhat Information
No data.
CWE