Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Monstra
(Monstra)| Repositories | https://github.com/monstra-cms/monstra |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-16 | CVE-2018-10118 | Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | Monstra | 4.8 | ||
| 2018-04-16 | CVE-2018-10109 | Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | Monstra | 4.8 | ||
| 2018-01-23 | CVE-2017-18048 | Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. | Monstra | 8.8 | ||
| 2014-11-20 | CVE-2014-9006 | Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | Monstra | N/A |