CVE-2023-53891

5.4 MEDIUM

📋 TL;DR

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious JavaScript into page content. When other users view compromised pages, the injected scripts execute in their browsers, potentially stealing session cookies or performing actions on their behalf. This affects all Blackcat CMS 1.4 installations with authenticated user accounts.

💻 Affected Systems

Products:
  • Blackcat CMS
Versions: 1.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the page modification interface. All installations with default configuration are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, take over admin accounts, deface websites, or redirect users to malicious sites, potentially leading to complete system compromise.

🟠 Likely Case

Authenticated attackers inject malicious scripts that execute when other users view pages, leading to session hijacking, credential theft, or unauthorized actions within the CMS.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access. Public exploit code is available, making attacks easy for authenticated malicious users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://blackcat-cms.org/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, implementing workarounds, or switching to alternative CMS platforms.

🔧 Temporary Workarounds

Implement Input Validation and Output Encoding

Platform: all

Add server-side validation to sanitize user input in page content fields and implement proper output encoding when displaying content.

Modify Blackcat CMS source code to add input sanitization functions for page content fields

Implement Content Security Policy (CSP)

Platform: all

Add CSP headers to restrict script execution sources and prevent inline script execution.

Add the header Content-Security-Policy: default-src 'self'; script-src 'self' to HTTP responses

🧯 If You Can't Patch

  • Restrict authenticated user permissions to minimize who can modify page content
  • Implement web application firewall (WAF) rules to detect and block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Test by attempting to inject a simple XSS payload like <script>alert('XSS')</script> in the page modification interface and check if it executes when viewing the page.

Check Version:

Check Blackcat CMS version in admin panel or configuration files

Verify Fix Applied:

After implementing workarounds, test with the same XSS payload to confirm it no longer executes and appears as plain text.

📡 Detection & Monitoring

Log Indicators:

  • Unusual page modification activity, especially with script tags or JavaScript code in content fields

Network Indicators:

  • HTTP requests containing suspicious script tags or JavaScript in POST data to page modification endpoints

SIEM Query:

source="web_logs" AND ("<script" OR "javascript:" OR "onerror=" OR "onload=") AND uri_path="/admin/pages/modify"
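The SIEM query above matches literal strings, so it misses the same indicators when the request body is URL-encoded or mixed-case. The following added example (not part of the advisory or of Blackcat CMS) applies the same four indicators after decoding. The log layout, user names and sample lines are constructed, and it assumes POST bodies are logged, which most default access-log formats do not do.

```python
import re
from urllib.parse import unquote_plus

# Path taken from the SIEM query above; the log layout below is an assumption.
MODIFY_PATH = "/admin/pages/modify"
# Same four indicators as the SIEM query, matched case-insensitively.
INDICATORS = re.compile(r"<script|javascript:|onerror\s*=|onload\s*=", re.IGNORECASE)

# Constructed sample lines: "<ip> <user> <method> <path> <urlencoded body>"
SAMPLE_LOG = """\
10.0.0.5 editor1 POST /admin/pages/modify title=News&content=Hello+world
10.0.0.7 editor2 POST /admin/pages/modify title=Hi&content=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E
10.0.0.7 editor2 POST /admin/pages/modify content=%3Cimg+src%3Dx+OnError%3Dalert(1)%3E
10.0.0.9 guest GET /search q=%3Cscript%3E
10.0.0.8 editor3 POST /admin/pages/modify content=%253Cscript%253Ealert(1)
"""

def normalise(body, max_rounds=3):
    """URL-decode repeatedly (bounded) so nested encoding is still matched."""
    for _ in range(max_rounds):
        decoded = unquote_plus(body)
        if decoded == body:
            break
        body = decoded
    return body

def find_suspicious(log_text):
    """Return (user, ip, indicator) for each flagged page-modification POST."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # malformed or body-less line
        ip, user, method, path, body = parts
        if method != "POST" or not path.startswith(MODIFY_PATH):
            continue  # only page-modification submissions are in scope
        match = INDICATORS.search(normalise(body))
        if match:
            hits.append((user, ip, match.group(0).lower()))
    return hits

if __name__ == "__main__":
    for user, ip, indicator in find_suspicious(SAMPLE_LOG):
        print(f"ALERT user={user} ip={ip} indicator={indicator}")
```

Hits are leads for review rather than proof of injection, since legitimate page content can contain strings such as onload=.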