Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra monstra vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
Monstra Monstra 3.0.4
4.3
CVSSv2
CVE-2018-17025
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role.
Monstra Monstra 3.0.4
3.5
CVSSv2
CVE-2020-23697
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
Monstra Monstra Cms 3.0.4
5.8
CVSSv2
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows malicious users to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
Monstra Monstra Cms 3.0.4
3.5
CVSSv2
CVE-2018-19599
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product.
Monstra Monstra Cms 1.6
5
CVSSv2
CVE-2018-11678
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.
Monstra Monstra Cms 3.0.4
6.5
CVSSv2
CVE-2020-23219
Monstra CMS 3.0.4 allows malicious users to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
Monstra Monstra Cms 3.0.4
6.5
CVSSv2
CVE-2020-13978
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication...
Monstra Monstra Cms 3.0.4
3.5
CVSSv2
CVE-2020-23205
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows malicious users to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
Monstra Monstra Cms 3.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4