CVE-2017-9609

MEDIUM

Blackcat CMS 1.2 - Authenticated Cross-Site Scripting via map_language Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9609. PoCs published by faizzaidi.

AI-analyzed exploit summary This repository contains a README file describing a Cross-Site Scripting (XSS) vulnerability in BlackCat CMS v1.2, assigned CVE-2017-9609. No exploit code or technical details are provided beyond the CVE reference.

Description

Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.

Exploits (1)

nomisec WRITEUP 2 stars
by faizzaidi · poc
https://github.com/faizzaidi/Blackcat-cms-v1.2-xss-POC-by-Provensec-llc

This repository contains a README file describing a Cross-Site Scripting (XSS) vulnerability in BlackCat CMS v1.2, assigned CVE-2017-9609. No exploit code or technical details are provided beyond the CVE reference.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: BlackCat CMS v1.2
No auth needed
Prerequisites: Access to a vulnerable BlackCat CMS v1.2 instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/faizzaidi/Blackcat-cms-v1.2-xss-POC-by-Provensec-llc
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/143103/Blackcat-CMS-1.2-Cross-Site-Scripting.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/BlackCatDevelopment/BlackCatCMS/issues/373

Scores

CVSS v3 5.4
EPSS 0.0152
EPSS Percentile 71.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
blackcat-cms/blackcat_cms 1.2
Published Jul 17, 2017
Tracked Since Feb 18, 2026