[webapps] BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)

# Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) # Date: 04/07/2021 # Exploit Author: Ömer Hasan Durmuş # Vendor Homepage: https://blackcat-cms.org/ # Software Link: https://blackcat-cms.org/page/download.php # Version: BlackCat CMS - 1.3.6 Step 1 : Login to admin account in http://TARGET/backend/start/index.php Step 2 : Then click on the "Addons" Step 3 : Click on "Create new" Step 4 : Input "<script>alert(1)</script>" in the field "Module / language name" Step 5 : Update or visit new page. Step 1 : Login to admin account in http://TARGET/backend/start/index.php Step 2 : Then click on the "Access" Step 3 : Click on "Manage groups" Step 4 : Input "<script>alert(1)</script>" in the field "Group name" and click "Add group" Step 5 : Update or visit new page.