Software link: BlackCat CMS [https://blackcat-cms.org/]
Version: 1.4.1
@author: Jorge Riopedre
Description: BlackCat CMS 1.4.1 is affected by a Cross-site scripting (XSS) vulnerability in upload/install/index.php that allows remote attackers to inject arbitrary web script or HTML via the 'Website Title' parameter.
When performing the installation and entering the site settings to install the appliance, the 'Website title' field is affected by the injection of arbitrary code: