2021-02-16 18:23:00
mitre
PUBLISHED
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.