Vulnerabilities > Monstra > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-06-07 | CVE-2024-36773 | Cross-site Scripting vulnerability in Monstra | A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php. | 4.8 |
2024-06-06 | CVE-2024-36775 | Cross-site Scripting vulnerability in Monstra 3.0.4 | A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. | 5.4 |
2021-09-27 | CVE-2020-20691 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra CMS 3.0.4 | An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. | 6.5 |
2021-07-06 | CVE-2020-23697 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 | Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php. | 5.4 |
2021-07-01 | CVE-2020-23205 | Cross-site Scripting vulnerability in Monstra CMS 3.0.4 | A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site Name" field under the "Site Settings" module. | 5.4 |
2020-03-07 | CVE-2020-8439 | Forced Browsing vulnerability in Monstra | Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. | 6.5 |
2020-03-02 | CVE-2018-19599 | Cross-site Scripting vulnerability in Monstra CMS 1.6 | Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. | 5.4 |
2019-07-03 | CVE-2018-11227 | Cross-site Scripting vulnerability in Monstra CMS | Monstra CMS 3.0.4 and earlier has XSS via index.php. | 6.1 |
2018-10-29 | CVE-2018-18694 | Cross-site Scripting vulnerability in Monstra 3.0.4 | admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. | 4.8 |
2018-09-18 | CVE-2018-16819 | Path Traversal vulnerability in Monstra 3.0.4 | admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | 4.9 |