CVE-2023-44042

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 27, 2023

Updated: Sep 28, 2023

CWE ID 79

Summary

CVE-2023-44042 is a stored cross-site scripting (XSS) vulnerability affecting the Black Cat CMS 1.4.1 in the /settings/index.php file. An attacker can exploit this weakness by injecting a malicious payload into the Website header parameter. Successful exploitation allows the attacker to execute arbitrary web scripts or HTML code, potentially leading to unauthorized access, data theft, or site defacement. This vulnerability poses a significant risk to websites running on the outdated Black Cat CMS version and requires immediate attention and patching.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/syXvLK
https://www.cve.org/CVERecord?id=CVE-2023-44042
https://nvd.nist.gov/vuln/detail/CVE-2023-44042

Back to Vulnerability Database

CVE-2023-44042

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations