CVE-2020-20691

2021-09-2722:15:07

Google

osv.dev

monstra cms v3.0.4

arbitrary script execution

file extension filter

crafted html files

security vulnerability

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

44.4%

JSON

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.

References

github.com/monstra-cms/monstra/issues/461