Vulnerabilities > Monstra > Monstra CMS > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-06 | CVE-2020-23697 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. | 3.5 |
| 2021-07-01 | CVE-2020-23205 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module. | 3.5 |
| 2020-03-02 | CVE-2018-19599 | Cross-site Scripting vulnerability in Monstra CMS 1.6 Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. | 3.5 |