6 matches found
EUVD-2018-2188
Malware in sbrugna...
Monstra cms 3.0.4 - Persitent Cross-Site Scripting
Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: php 5.6, apache2.2.29, macos 10.12.6 CVE...
CVE-2018-10109
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog...
Cross site scripting
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog...
CVE-2018-10109
Monstra CMS 3.0.4 is affected by a stored XSS (CVE-2018-10109). An attacker with the editor role can inject a payload into the content section when creating a new page in the blog catalog; the payload is stored and later rendered, enabling JavaScript execution. Multiple sources corroborate the ed...
CVE-2018-10109
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog...