Lucene search
K

19 matches found

Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6595

Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4 Description Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...

8.8CVSS6AI score0.00681EPSS
Exploits2References6
NVD
NVD
added 2021/07/06 9:15 p.m.20 views

CVE-2020-23697

Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php...

5.4CVSS0.01885EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2020/06/09 1:6 p.m.16 views

CVE-2020-13978

Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...

7.8AI score0.01272EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/06/09 1:6 p.m.22 views

CVE-2020-13978

Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...

7.4AI score0.01272EPSS
Exploits1References1
NVD
NVD
added 2019/07/03 4:15 p.m.19 views

CVE-2018-11227

Monstra CMS 3.0.4 and earlier has XSS via index.php...

6.1CVSS6.1AI score0.04754EPSS
Exploits1References3
OSV
OSV
added 2018/09/18 9:29 p.m.14 views

CVE-2018-16820

admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests...

7.5CVSS7AI score
Exploits0References2
Prion
Prion
added 2018/09/18 9:29 p.m.14 views

Arbitrary file deletion

admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&deletefile= requests...

5.5CVSS5.3AI score0.01336EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/09/13 8:29 p.m.18 views

CVE-2018-17024

admin/index.php in Monstra CMS 3.0.4 allows XSS via the pagemetatitle parameter in an addpage action...

4.8CVSS4.9AI score0.00707EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/09/13 8:0 p.m.33 views

CVE-2018-17026

admin/index.php in Monstra CMS 3.0.4 allows XSS via the pagemetatitle parameter in an editpage&name=error404 action, a different vulnerability than CVE-2018-10121...

5.2AI score0.00696EPSS
Exploits1References1
CVE
CVE
added 2018/08/14 4:0 p.m.57 views

CVE-2018-14922

CVE-2018-14922 : Monstra CMS 3.0.4 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script or HTML via the first name or last name fields on the profile edit page. The issue is documented across multiple sources (NVD entry and OSVDB/CVE ...

6.1CVSS6.1AI score0.01952EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2018/06/05 11:29 a.m.18 views

Design/Logic Flaw

plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the loginattempts cookie...

5CVSS9.4AI score0.01678EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/05/25 7:29 p.m.16 views

CVE-2018-11472

Monstra CMS 3.0.4 has Reflected XSS during Login i.e., the login parameter to admin/index.php...

6.1CVSS6.1AI score0.00939EPSS
Exploits0References2
Prion
Prion
added 2018/05/25 7:29 p.m.17 views

Cross site scripting

Monstra CMS 3.0.4 has Reflected XSS during Login i.e., the login parameter to admin/index.php...

4.3CVSS5.9AI score0.00939EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/05/25 7:29 p.m.25 views

CVE-2018-11473

Monstra CMS 3.0.4 has XSS in the registration Form i.e., the login parameter to users/registration...

6.1CVSS6AI score0.02273EPSS
Exploits0References2
OSV
OSV
added 2018/05/25 7:29 p.m.17 views

CVE-2018-11472

Monstra CMS 3.0.4 has Reflected XSS during Login i.e., the login parameter to admin/index.php...

6.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 2018/05/25 7:0 p.m.25 views

CVE-2018-11473

Monstra CMS 3.0.4 has XSS in the registration Form i.e., the login parameter to users/registration...

6.3AI score0.02273EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2018/05/15 12:0 a.m.55 views

Monstra CMS 3.0.4 Remote Code Execution

Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037 Date: 2018-05-14 Exploit Author: Jameel Nabbo Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: MAC OSX CVE :CVE-2018-9037 Monst...

0.3AI score0.02919EPSS
Exploits5
exploitpack
exploitpack
added 2018/04/23 12:0 a.m.21 views

Monstra cms 3.0.4 - Persitent Cross-Site Scripting

Monstra cms 3.0.4 - Persitent Cross-Site Scripting Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested o...

3.5CVSS5.4AI score0.02195EPSS
Exploits5
NVD
NVD
added 2018/01/23 6:29 a.m.20 views

CVE-2017-18048

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php lowercase is blocked but .PHP uppercase is not...

8.8CVSS8.9AI score0.63355EPSS
Exploits6References4
Rows per page
Query Builder