Vulnerabilities > Monstra > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-06 | CVE-2020-23697 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. | 3.5 |
| 2021-07-01 | CVE-2020-23205 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module. | 3.5 |
| 2020-03-02 | CVE-2018-19599 | Cross-site Scripting vulnerability in Monstra CMS 1.6 Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. | 3.5 |
| 2018-10-29 | CVE-2018-18694 | Cross-site Scripting vulnerability in Monstra 3.0.4 admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. | 3.5 |
| 2018-09-13 | CVE-2018-17024 | Cross-site Scripting vulnerability in Monstra 3.0.4 admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. | 3.5 |
| 2018-09-13 | CVE-2018-17026 | Cross-site Scripting vulnerability in Monstra 3.0.4 admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. | 3.5 |
| 2018-04-16 | CVE-2018-10109 | Cross-site Scripting vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | 3.5 |
| 2018-04-16 | CVE-2018-10118 | Cross-site Scripting vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | 3.5 |
| 2018-04-16 | CVE-2018-10121 | Cross-site Scripting vulnerability in Monstra 3.0.4 plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action. | 3.5 |
| 2018-02-02 | CVE-2018-6550 | Cross-site Scripting vulnerability in Monstra Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | 3.5 |