CVE-2024-36775

2024-06-0622:15:10

[email protected]

web.nvd.nist.gov

cross-site scripting

arbitrary web scripts

html

crafted payload

edit profile page

about me parameter

monstra cms v3.0.4

5.9 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.

References

github.com/OoLs5/VulDiscovery/blob/main/monstra_xss.pdf