Vulnerabilities > Monstra
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-07 | CVE-2024-36773 | Cross-site Scripting vulnerability in Monstra A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php. | 4.8 |
| 2024-06-06 | CVE-2024-36774 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 7.2 |
| 2024-06-06 | CVE-2024-36775 | Cross-site Scripting vulnerability in Monstra 3.0.4 A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. | 5.4 |
| 2022-06-15 | CVE-2021-40940 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. | 9.8 |
| 2021-10-28 | CVE-2021-36548 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | 9.8 |
| 2021-09-27 | CVE-2020-20691 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra CMS 3.0.4 An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. | 6.5 |
| 2021-07-06 | CVE-2020-23697 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. | 5.4 |
| 2021-07-01 | CVE-2020-23205 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module. | 5.4 |
| 2021-07-01 | CVE-2020-23219 | Code Injection vulnerability in Monstra CMS 3.0.4 Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | 8.8 |
| 2021-06-17 | CVE-2020-25414 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Monstra 3.0.4 A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | 9.8 |