{"id":"CVE-2018-10821","details":"Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.","modified":"2026-03-14T09:27:09.940590Z","published":"2018-06-14T16:29:00.207Z","references":[{"type":"FIX","url":"https://github.com/BlackCatDevelopment/BlackCatCMS/commit/a817755828cd0bfd4b87b0eb5cec59ffe57d3c3e"},{"type":"EVIDENCE","url":"https://github.com/BlackCatDevelopment/BlackCatCMS/issues/384"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blackcatdevelopment/blackcatcms","events":[{"introduced":"0"},{"last_affected":"9b10acc7048ba8b2fd81ef6a18b8fd1004559c74"},{"fixed":"a817755828cd0bfd4b87b0eb5cec59ffe57d3c3e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3"}]}}],"versions":["1.0","1.0.3","1.1","1.2","1.2.1","1.2.1RC1","1.2.2","v1.0.1","v1.0.2","v1.0.2a","v1.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10821.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}