CVE-2023-53891

EUVD-2025-203419
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
blackcat-cmsblackcat_cms
1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blackcat-cms.org/
https://www.exploit-db.com/exploits/51604
https://www.vulncheck.com/advisories/blackcat-cms-stored-cross-site-scripting-via-page-modification
https://www.exploit-db.com/exploits/51604