CVE-2023-53891

MEDIUM

Blackcat CMS 1.4 - Authenticated Stored Cross-Site Scripting via Page Modification

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53891. PoCs published by Mirabbas Ağalarov.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Blackcat CMS v1.4. The attacker injects malicious JavaScript via the page modification interface, which executes when a user visits the preview page.

Description

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page.

Exploits (1)

exploitdb WORKING POC
by Mirabbas Ağalarov · text · webapps · php
https://www.exploit-db.com/exploits/51604


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Blackcat CMS v1.4
Auth required
Prerequisites: Valid credentials to access the CMS backend · Access to the page modification interface
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/51604
Product
https://blackcat-cms.org/

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 10.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2)
blackcat-cms/Blackcat CMS 1.4
blackcat-cms/blackcat_cms 1.4
Published Dec 15, 2025
Tracked Since Feb 18, 2026