Cross site scripting

2018-04-1609:58:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.

CPENameOperatorVersion
monstraeq3.0.4

CPE	Name	Operator	Version
	monstra	eq	3.0.4

References

github.com/monstra-cms/monstra/issues/436

www.exploit-db.com/exploits/44855/