{"id":"CVE-2020-25877","details":"A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.","modified":"2026-03-14T10:07:02.799610Z","published":"2021-07-09T22:15:08.073Z","references":[{"type":"WEB","url":"https://blackcat-cms.org/"},{"type":"REPORT","url":"https://github.com/BlackCatDevelopment/BlackCatCMS/issues/401"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blackcatdevelopment/blackcatcms","events":[{"introduced":"0"},{"last_affected":"c23542f55cba8eaddb3cb34613bed03f7ae758f7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.6"}]}}],"versions":["1.0","1.0.3","1.1","1.2","1.2.1","1.2.1RC1","1.2.2","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","delete","v1.0.1","v1.0.2","v1.0.2a","v1.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25877.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}