Blackcat Cms is a Php-based content management system from the Blackcat team. version 1.3.6 of BlackCat CMS contains a cross-site scripting vulnerability that can be exploited by an authenticated attacker to execute arbitrary web scripts or HTML via a crafted payload entered with the "Admin-Tools" parameter.