Vulnerabilities > Mono > Monox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2020-12471 | Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152 MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. | 7.5 |
| 2020-04-29 | CVE-2020-12470 | Files or Directories Accessible to External Parties vulnerability in Mono Monox 5.1.40.5152 MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | 6.5 |
| 2020-04-29 | CVE-2020-12473 | Improper Privilege Management vulnerability in Mono Monox 5.1.40.5152 MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. | 9.0 |
| 2020-04-29 | CVE-2020-12472 | Cross-site Scripting vulnerability in Mono Monox 5.1.40.5152 MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. | 3.5 |