Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra monstra cms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-11227
Monstra CMS 3.0.4 and previous versions has XSS via index.php.
Monstra Monstra Cms
312
VMScore
CVE-2020-23205
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows malicious users to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
Monstra Monstra Cms 3.0.4
578
VMScore
CVE-2020-23219
Monstra CMS 3.0.4 allows malicious users to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
Monstra Monstra Cms 3.0.4
312
VMScore
CVE-2020-23697
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
Monstra Monstra Cms 3.0.4
312
VMScore
CVE-2018-19599
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product.
Monstra Monstra Cms 1.6
445
VMScore
CVE-2018-11678
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.
Monstra Monstra Cms 3.0.4
516
VMScore
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows malicious users to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
Monstra Monstra Cms 3.0.4
578
VMScore
CVE-2020-13978
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication...
Monstra Monstra Cms 3.0.4
580
VMScore
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
555
VMScore
CVE-2018-9038
Monstra CMS 3.0.4 allows remote malicious users to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
Monstra Monstra 3.0.4
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »