Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra monstra 3.0.4 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-23205
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows malicious users to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
Monstra Monstra Cms 3.0.4
578
VMScore
CVE-2020-23219
Monstra CMS 3.0.4 allows malicious users to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
Monstra Monstra Cms 3.0.4
580
VMScore
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
668
VMScore
CVE-2021-40940
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
Monstra Monstra
312
VMScore
CVE-2018-6550
Monstra CMS up to and including 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
Monstra Monstra
356
VMScore
CVE-2020-8439
Monstra CMS up to and including 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.
Monstra Monstra
383
VMScore
CVE-2018-11227
Monstra CMS 3.0.4 and previous versions has XSS via index.php.
Monstra Monstra Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4