{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53891","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-15T14:39:05.361Z","datePublished":"2025-12-15T20:28:24.133Z","dateUpdated":"2026-04-07T14:07:15.751Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-04-07T14:07:15.751Z"},"title":"Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification","descriptions":[{"lang":"en","value":"Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79","type":"CWE"}]}],"affected":[{"vendor":"blackcat-cms","product":"Blackcat CMS","versions":[{"version":"1.4","status":"affected"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackcat-cms:blackcat_cms:1.4:*:*:*:*:*:*:*"}]}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/51604","name":"ExploitDB-51604","tags":["exploit"]},{"url":"https://blackcat-cms.org/","name":"BlackCat CMS Product Webpage","tags":["product"]},{"name":"VulnCheck Advisory: Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/blackcat-cms-stored-cross-site-scripting-via-page-modification"}],"credits":[{"lang":"en","value":"Mirabbas Ağalarov","type":"finder"}],"x_generator":{"engine":"vulncheck"},"datePublic":"2023-07-19T00:00:00.000Z"},"adp":[{"references":[{"url":"https://www.exploit-db.com/exploits/51604","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-15T21:37:15.305739Z","id":"CVE-2023-53891","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-15T21:46:18.111Z"}}]}}