2 matches found
CVE-2018-16978
Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473...
CVE-2018-11473
Monstra CMS 3.0.4 contains a Cross‑Site Scripting vulnerability in the user registration path (users/registration). The Nuclei template documents that an attacker can inject arbitrary JavaScript in the victim’s browser within the site’s context, potentially leading to cookie theft and session iss...