Vulnerabilities > Monstra > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-16 | CVE-2018-10118 | Cross-site Scripting vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | 4.8 |
| 2018-04-16 | CVE-2018-10109 | Cross-site Scripting vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | 4.8 |
| 2018-04-10 | CVE-2018-9038 | Path Traversal vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. | 6.5 |
| 2018-02-02 | CVE-2018-6550 | Cross-site Scripting vulnerability in Monstra Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | 5.4 |